WebApp Sec mailing list archives

RE: Threat Modeling


From: aporia () tiscali co uk
Date: Thu, 20 May 2004 17:21:54 +0100

I've been looking for a free set of threat models, too - no luck, though
- would be interested to know if you are successful.

_However_ I can recommend a software product called CRAMM.  I don't know
if you've used it, but basically it's a tool developed by HMG in Cheltenham.
The great thing about it, and the reason it costs 4,000 GBP, is that it
contains a database of over 3000 threats, vulnerabilities and countermeasures.

It also follows a specific methodology (Crown Copyright), and is aligned
to BS7799.

Unfortunately, the cost is a significant barrier to using it.  What about
just buying the BS7799 (about 150 GBP) and ISO TR 13335: Guidelines for
Management of IT Security (GMIT)? A reasonable starter pack.  This isn't
free either, unfortunately.  But it is American.

---------------
Ian Ristic [ivanr () webkreator com]

Any links to any free threat modeling tools out there ?

   Does anyone know what happened to the threat modeling tool
   Microsoft announced in late 2003?

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
