WebApp Sec: Re: [BAD-DATE] Threat Modeling

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: [BAD-DATE] Threat Modeling

From: "D. Höhn" <dmalloc () users sourceforge net>
Date: Wed, 19 May 2004 07:48:17 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Mark Curphey wrote:
| Does anyone have any experience with the OCTAVE threat modeling
methodology
| from CMU ?
nope :)
|
| What threat modeling methodology do you use and why ?
|
Well, it might be old and not feature complete but I deem Attack Trees a
very valuable tool: http://www.schneier.com/paper-attacktrees-ddj-ft.html

The methodoligy behind attack trees is rather simple and that simplicity
makes the whole process rather trivial. The complexity of a threat can
be modelded into different layers, their dependencies can be better
analyses and a conclusion is easier reached imho.

| Any links to any free threat modeling tools out there ?
|
Again I cannot help. My tool usese GRaphViz and a bit of perl Magick
along with a SQlite database to do what I want for Attack Tree Threat
modeling.

- -d
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAqvUhPMoaMn4kKR4RAw1qAKCS98zNfbT0sc9lYM9X8IVB6uz6JQCgj6Sf
vJDEM3RWO1qKxouxTrE8Mto=
=TBmh
-----END PGP SIGNATURE-----

By Date By Thread

Current thread:

Threat Modeling Mark Curphey (May 18)
- Re: [BAD-DATE] Threat Modeling D. Höhn (May 19)
- Re: Threat Modeling Ivan Ristic (May 20)
- RE: Threat Modeling Mikael Brejcha (May 24)
- <Possible follow-ups>
- RE: Threat Modeling Michael Howard (May 20)
- RE: Threat Modeling aporia (May 20)
  - RE: Threat Modeling Mark Curphey (May 20)