Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

RE: [BAD-DATE] Threat Modeling
From: "Arian J. Evans" <arian () anachronic com>
Date: Thu, 25 Nov 2004 17:50:29 -0600
Wow, this is an old threat, but I don't remember anyone passing this link
at the time:

MS Threat Modeling Resource Center:
http://msdn.microsoft.com/security/securecode/threatmodeling/default.aspx

and their free tool:
http://www.microsoft.com/downloads/details.aspx?familyid=62830f95-0e61-4f87-88a6-e7c663444ac1&displaylang=en

As for OCTAVE, yes, we work with it a lot at my workplace.

I for one am not a fan of targeting and prioritization in this fashion
due to the experience that it simply doesn't work. A number of the
biggest holes I've found have been ones that would have been missed
following a model like OCTAVE. (referring to general pen testing here.)

What is your question here? Do we need an OCTAVE thread?

Arian



-----Original Message-----
From: D. Hohn [mailto:dmalloc () users sourceforge net]
Sent: Wednesday, May 19, 2004 12:48 AM
To: Mark Curphey
Cc: webappsec () securityfocus com
Subject: Re: [BAD-DATE] Threat Modeling


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Mark Curphey wrote:
| Does anyone have any experience with the OCTAVE threat modeling
methodology | from CMU ?

  By Date           By Thread  

Current thread:
  • RE: [BAD-DATE] Threat Modeling Arian J. Evans (Nov 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]