[OWASP-Bangalore] Threat Modeling - Anyone working on it
abhaybhargav at gmail.com
Sat Jul 7 05:00:28 UTC 2018
I second Akash's recommendations.
I'd also like to add the following:
- https://www.owasp.org/images/a/aa/AppSecEU2012_PASTA.pdf => PASTA
Threat Modeling Methodology
=> Similar Presentation on Threat Modeling
- I'd recommend some work done by Continuum Security as well.
- I have been extensively involved with both attack and defensive threat
modeling, specifically around automation and integrating it into
AGILE/SCRUM like environments. Here's an article:
- A tool that we have authored (open source) that expounds and adds
on to these concepts, called ThreatPlaybook:
On Fri, Jul 6, 2018 at 8:42 PM Akash <akashmahajan at gmail.com> wrote:
> An excellent place to start with Threat Modelling is to look at
> Adam Shostack (Author of the best book on Threat Modeling) himself is part
> of the sub reddit.
> If you are looking at a light weigh way to get started with Data Flow
> Diagrams consider using OWASP Threat Dragon to create those and enumerate
> the risks.
> Also I am keenly awaiting more documentation or video from this particular
> talk at the recently concluded OWASP Summit.
> On 5 July 2018 at 08:48, cyber research <001.appsec.007 at gmail.com> wrote:
>> Hi Folks,
>> Good Morning!
>> Is there anyone working on *Threat Modeling* ?? If Yes could you please
>> share/ help me with resources if any like example prototypes / blogs
>> /tutorials etc..
>> Could you please ping here then i will reach you in your availability.
>> Thanks & Regards,
>> [email protected]!001
>> OWASP-Bangalore mailing list
>> OWASP-Bangalore at lists.owasp.org
>> Twitter : @owaspbangalore
> Warm regards,
> Akash Mahajan
> *That Web Application Security Guy* | +91 99 805 271 82
> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
> *OWASP Bangalore Chapter Lead | null Community Manager*
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> Twitter : @owaspbangalore
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Bangalore