Explore the complexities of crowdsourced security models and bug bounty programs in this 40-minute conference talk from AppSec EU 2017. Examine the intended benefits of these programs in discovering and resolving vulnerabilities in production applications, while critically analyzing their potential drawbacks and deviations from effective security development lifecycles. Learn strategies for maintaining a focused, risk-based approach that contributes positively to development, and avoid common pitfalls that can turn these programs into distractions. Delve into the implications of bounty programs on appsec automation trends and identify remaining gaps in the field. Gain insights into the broader challenges of building a useful appsec program, including budgeting and communication aspects, beyond mere bug identification. This talk, presented by Mike Shema and managed by the official OWASP Media Project, offers a comprehensive look at the flaws and strengths of crowd-based security approaches.
The Flaws in Hordes, The Security in Crowds - Crowdsourced Security Models
Overview
Syllabus
AppSec EU 2017 The Flaws In Hordes, The Security In Crowds by Mike Shema
Taught by
OWASP Foundation
Related Courses
-
Demystifying Program Management in Crowdsourced Security
-
How the Crowd Outperforms Traditional Security Testing
-
Practical Tips for Running a Successful Bug Bounty Program
-
Crowdsourced Security: Insights from Industry Pioneers - Founder AMA
-
Don't Let Bug Bounty Kill Your AppSec Posture
-
Pentesting with Daniel Slater (Ethical Hacking/Web Security)
