Web Application Security
Threat Modeling May 18 2004 09:22PM
Mark Curphey (mark curphey com) (4 replies)
RE: Threat Modeling May 24 2004 12:01PM
Mikael Brejcha (mikael brejcha com)
Re: Threat Modeling May 20 2004 01:04PM
Ivan Ristic (ivanr webkreator com)
Re: [BAD-DATE] Threat Modeling May 19 2004 05:48AM
"D. Höhn" (dmalloc users sourceforge net) (1 replies)

Mark Curphey wrote:
| Does anyone have any experience with the OCTAVE threat modeling methodology
| from CMU ?
nope :)
|
| What threat modeling methodology do you use and why ?
|
Well, it might be old and not feature complete but I deem Attack Trees a
very valuable tool: http://www.schneier.com/paper-attacktrees-ddj-ft.html

The methodology behind attack trees is rather simple and that simplicity
makes the whole process rather trivial. The complexity of a threat can
be modeled into different layers, their dependencies can be better
analysed and a conclusion is easier reached imho.

| Any links to any free threat modeling tools out there ?
|
Again I cannot help. My tool uses Graphviz and a bit of perl Magick
along with a SQLite database to do what I want for Attack Tree Threat
modeling.

-d
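
An attack tree of the kind the message above describes, as an added example that is not part of the original post and is not the poster's tool: it is written in Python rather than Perl, evaluates AND/OR nodes to find the cheapest path to the root goal, and emits Graphviz DOT. The `Node` class, the function names, the tree labels and the cost figures are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    label: str
    kind: str = "LEAF"      # "LEAF", "AND" (all children) or "OR" (any child)
    cost: int = 0           # estimated attacker cost; meaningful on leaves only
    children: list = field(default_factory=list)

def cheapest(node):
    """Return (cost, leaf labels) of the cheapest way to reach this node's goal."""
    if node.kind == "LEAF":
        return node.cost, [node.label]
    results = [cheapest(c) for c in node.children]
    if node.kind == "AND":  # every child is required, so costs add up
        return sum(r[0] for r in results), [l for r in results for l in r[1]]
    return min(results, key=lambda r: r[0])  # OR: the cheapest child wins

def to_dot(root):
    """Render the tree as Graphviz DOT (AND = box, OR = ellipse, leaf = plain text)."""
    shapes = {"AND": "box", "OR": "ellipse", "LEAF": "plaintext"}
    lines = ["digraph attack_tree {"]
    def walk(n, nid):
        text = f"{n.label} ({n.cost})" if n.kind == "LEAF" else f"{n.kind}: {n.label}"
        text = text.replace('"', '\\"')
        lines.append(f'  {nid} [shape={shapes[n.kind]}, label="{text}"];')
        for i, child in enumerate(n.children):
            lines.append(f"  {nid} -> {nid}_{i};")
            walk(child, f"{nid}_{i}")
    walk(root, "n0")
    return "\n".join(lines + ["}"])

# Constructed sample tree; labels and costs are illustrative, not measured.
token = Node("Session token accepted from a new client", cost=5)
TREE = Node("Read another user's account data", "OR", children=[
    Node("Log in as the user", "OR", children=[
        Node("Guess a weak password", cost=40),
        Node("Reuse a stolen session", "AND", children=[
            Node("Obtain a session token", cost=25), token])]),
    Node("Bypass authorization", "AND", children=[
        Node("Find endpoint without ownership check", cost=15),
        Node("Learn a valid record ID", cost=20)])])

if __name__ == "__main__":
    print(cheapest(TREE))        # cheapest path before any mitigation
    token.cost = 60              # model a mitigation: bind sessions to the client
    print(cheapest(TREE))        # the cheapest path moves to another branch
    print(to_dot(TREE))
```

Raising the cost of one leaf and re-evaluating shows which branch becomes the next cheapest, which is how the tree helps rank mitigations.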

RE: [BAD-DATE] Threat Modeling Nov 25 2004 11:50PM
Arian J. Evans (arian anachronic com)