Example HackerOne Threat Model

Access levels:

  • Unauthenticated

Entrypoints [non-static]:

Target assets:

  • User credentials and PII
  • Private program names
  • Confidential bug reports
  • Database credentials

Top priority:

  • Hacktivity (global and program), Program Directory
  • Sign-in
  • Sign-up forms
  • Forgot password
  • Contact forms