WebApp Sec mailing list archives
Re: [BAD-DATE] Threat Modeling
From: "D. Höhn" <dmalloc () users sourceforge net>
Date: Wed, 19 May 2004 07:48:17 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Mark Curphey wrote: | Does anyone have any experience with the OCTAVE threat modeling methodology | from CMU ? nope :) | | What threat modeling methodology do you use and why ? | Well, it might be old and not feature complete but I deem Attack Trees a very valuable tool: http://www.schneier.com/paper-attacktrees-ddj-ft.html The methodoligy behind attack trees is rather simple and that simplicity makes the whole process rather trivial. The complexity of a threat can be modelded into different layers, their dependencies can be better analyses and a conclusion is easier reached imho. | Any links to any free threat modeling tools out there ? | Again I cannot help. My tool usese GRaphViz and a bit of perl Magick along with a SQlite database to do what I want for Attack Tree Threat modeling. - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAqvUhPMoaMn4kKR4RAw1qAKCS98zNfbT0sc9lYM9X8IVB6uz6JQCgj6Sf vJDEM3RWO1qKxouxTrE8Mto= =TBmh -----END PGP SIGNATURE-----
Current thread:
- Threat Modeling Mark Curphey (May 18)
- Re: [BAD-DATE] Threat Modeling D. Höhn (May 19)
- Re: Threat Modeling Ivan Ristic (May 20)
- RE: Threat Modeling Mikael Brejcha (May 24)
- <Possible follow-ups>
- RE: Threat Modeling Michael Howard (May 20)
- RE: Threat Modeling aporia (May 20)
- RE: Threat Modeling Mark Curphey (May 20)
- Re: Threat Modeling Ivan Ristic (May 21)
- Re: Threat Modeling Frank O'Dwyer (May 21)
- Re: Threat Modeling Adrian Wiesmann (May 21)
- Re: Threat Modeling Adrian Wiesmann (May 21)
- RE: Threat Modeling Dan Morrill (May 20)
(Thread continues...)