Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Threat Modeling

RE: Threat Modeling

From: <aporia_at_tiscali.co.uk>
Date: Thu, 20 May 2004 17:21:54 +0100

I've been looking for a free set of threat models, too - no luck, though
- would be interested to know if you are successful.

_However_ I can recommend a software product called CRAMM. I don't know
if you've used it, but basically it's a tool developed by HMG in Cheltenham.
 The great thing about it, and the reason it costs 4,000 GBP is that it
contains a database of over 3000 threats, vulnerabilities and countermeasures.

It also follows a specific methodology (Crown Copyright), and is aligned
to BS7799.

Unfortunately, the cost is a significant barrier to using it. What about
just buying the BS7799 (about 150 GBP) and ISO TR 13335: Guidelines for
Management of IT Security (GMIT)? A reasonable starter pack. This isn't
fee either, unfortunately. But it is American.

---------------
Ian Ristic [ivanr_at_webkreator.com]

> Any links to any free threat modeling tools out there ?

   Does anyone know what happened to the threat modeling tool
   Microsoft announced in late 2003? 

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
__________________________________________________
Broadband from an unbeatable £15.99!
http://www.tiscali.co.uk/products/broadband/home.html?code=SM-NL-11AM
Received on May 20 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]