[Owasp-austin] Security Models, Security Databases, KPAC(sp?)

Matt Tesauro mtesauro at gmail.com
Fri Aug 28 13:48:27 EDT 2009


They were probably referring to CAPEC
http://capec.mitre.org/

CVE, CWE and CAPEC are good stuff from Mitre.  

Speaking of CVE, CWE and CAPEC, you might want to glance at:
Tracking the Progress of an SDL (Security Development Lifecycle) Program
- Lessons From the Gym
Cassio Goldschmidt, Symantec Corp

That presentation was just given at AppSec Academia at UC Irvine and
covered some interesting uses of those for security metrics.

Link about the conference:
http://www.owasp.org/index.php/AppSec_Academia_Symposium

Presentation recording:
http://replay.nacs.uci.edu/public/summer2009/owasp2009/Tracking%20the%20progress%20of%20an%20SDL%20program%20-%20Lessons%20from%20the%20Gym%20-%20Web%20(1024x768)%20-%2020090826%2005.18.53PM.html

Audio only:
http://replay.nacs.uci.edu/public/summer2009/owasp2009/Tracking%20the%20progress%20of%20an%20SDL%20program%20-%20Lessons%20from%20the%20Gym%20-%20MP3%20(Phone%20Quality)%20-%2020090826%2005.18.53PM.mp3

I'm pretty sure I have the ppt if you're interested - just let me know.

-- Matt Tesauro
OWASP Live CD Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download Site 

On Tue, 2009-08-25 at 13:54 -0500, travis+ml-owasp at subspacefield.org
wrote:
> For those who are interested in Bell-La Padula and other security models, I did a brief
> search and cataloged the ones that I found in a section in my book:
> 
> http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc3
> 
> I'm also trying to locate all the relevant databases of things like CVE, CWE, etc.
> Right now I've dumped them into a section of my book that really needs some
> reorganization, but they're here:
> 
> http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc33
> 
> One person mentioned something that sounded like KPAC, and from what I gathered,
> was some kind of database of attack patterns...  does anyone have more information
> on this?
> _______________________________________________
> Owasp-austin mailing list
> Owasp-austin at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-austin


