Web Application Security
Threat Modeling May 18 2004 09:22PM
Mark Curphey (mark curphey com) (4 replies)
RE: Threat Modeling May 24 2004 12:01PM
Mikael Brejcha (mikael brejcha com)
Re: Threat Modeling May 20 2004 01:04PM
Ivan Ristic (ivanr webkreator com)
Re: Threat Modeling May 20 2004 01:04PM
Ivan Ristic (ivanr webkreator com)
Re: [BAD-DATE] Threat Modeling May 19 2004 05:48AM
"D. Höhn" (dmalloc users sourceforge net) (1 replies)
RE: [BAD-DATE] Threat Modeling Nov 25 2004 11:50PM
Arian J. Evans (arian anachronic com)
Wow, this is an old threat, but I don't remember anyone passing this link
at the time:

MS Threat Modeling Resource Center:
http://msdn.microsoft.com/security/securecode/threatmodeling/default.asp
x

and their free tool:
http://www.microsoft.com/downloads/details.aspx?familyid=62830f95-0e61-4
f87-88a6-e7c663444ac1&displaylang=en

As for OCTAVE, yes, we work with it a lot at my workplace.

I for one am not a fan of targeting and prioritization in this fashion
due to the experience that it simply doesn't work. A number of the
biggest holes I've found have been ones that would have been missed
following a model like OCTAVE. (referring to general pen testing here.)

What is your question here? Do we need an OCTAVE thread?

Arian

> -----Original Message-----
> From: D. Hohn [mailto:dmalloc (at) users.sourceforge (dot) net [email concealed]]
> Sent: Wednesday, May 19, 2004 12:48 AM
> To: Mark Curphey
> Cc: webappsec (at) securityfocus (dot) com [email concealed]
> Subject: Re: [BAD-DATE] Threat Modeling
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> Mark Curphey wrote:
> | Does anyone have any experience with the OCTAVE threat modeling
> methodology | from CMU ?

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus