Home page logo

webappsec logo WebApp Sec mailing list archives

RE: Threat Modeling
From: aporia () tiscali co uk
Date: Thu, 20 May 2004 17:21:54 +0100

I've been looking for a free set of threat models, too - no luck, though
- would be interested to know if you are successful.

_However_ I can recommend a software product called CRAMM.  I don't know
if you've used it, but basically it's a tool developed by HMG in Cheltenham.
 The great thing about it, and the reason it costs 4,000 GBP is that it
contains a database of over 3000 threats, vulnerabilities and countermeasures.

It also follows a specific methodology (Crown Copyright), and is aligned
to BS7799.

Unfortunately, the cost is a significant barrier to using it.  What about
just buying the BS7799 (about 150 GBP) and ISO TR 13335: Guidelines for
Management of IT Security (GMIT)? A reasonable starter pack.  This isn't
fee either, unfortunately.  But it is American.

Ian Ristic [ivanr () webkreator com]

Any links to any free threat modeling tools out there ?

   Does anyone know what happened to the threat modeling tool
   Microsoft announced in late 2003?

ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]

Broadband from an unbeatable £15.99!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]