[OWASP-Bangalore] Threat Modeling - Anyone working on it

Abhay Bhargav abhaybhargav at gmail.com
Sat Jul 7 05:00:28 UTC 2018


I second Akash's recommendations.

I'd also like to add the following:

   - https://www.owasp.org/images/a/aa/AppSecEU2012_PASTA.pdf
     => PASTA Threat Modeling Methodology
   - https://2017.appsec.eu/presos/CISO/Threat%20Modeling%20with%20PASTA%20-%20Risk%20Centric%20Application%20Threat%20Modeling%20Case%20Studies%20-%20Tony%20UcedaV%C3%A9lez%20-%20OWASP_AppSec-Eu_2017.pdf
     => Similar Presentation on Threat Modeling
   - I'd recommend some work done by Continuum Security as well.
   - I have been extensively involved with both attack and defensive threat
     modeling, specifically around automation and integrating it into
     AGILE/SCRUM like environments. Here's an article:
     https://medium.com/@abhaybhargav/a-gentle-introduction-to-abuser-stories-for-scrum-teams-90df52652a63
      - A tool that we have authored (open source) that expounds and adds
        on to these concepts, called ThreatPlaybook:
        https://we45.gitbook.io/threatplaybook/


On Fri, Jul 6, 2018 at 8:42 PM Akash <akashmahajan at gmail.com> wrote:

> An excellent place to start with Threat Modelling is to look at
>
> https://www.reddit.com/r/threatmodeling/
>
> Adam Shostack (author of the best book on Threat Modeling) himself is part
> of the subreddit.
>
> If you are looking at a lightweight way to get started with Data Flow
> Diagrams consider using OWASP Threat Dragon to create those and enumerate
> the risks.
>
> Also I am keenly awaiting more documentation or video from this particular
> talk at the recently concluded OWASP Summit.
>
>
> https://owaspsummit.org/Outcomes/Threat-Model/Threat-Modeling-Where-do-I-Start.html
>
>
>
> On 5 July 2018 at 08:48, cyber research <001.appsec.007 at gmail.com> wrote:
>
>> Hi Folks,
>>
>> Good Morning!
>>
>> Is there anyone working on *Threat Modeling*? If yes, could you please
>> share/help me with resources, if any, like example prototypes / blogs /
>> tutorials etc.
>>
>> Could you please ping here, then I will reach you in your availability.
>>
>> Thanks & Regards,
>> [email protected]!001
>>
>>
>>
>>
>>
>> _______________________________________________
>> OWASP-Bangalore mailing list
>> OWASP-Bangalore at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>> Twitter : @owaspbangalore
>>
>>
>
>
> --
> Warm regards,
> Akash Mahajan
>
> *That Web Application Security Guy* | +91 99 805 271 82
> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
> *OWASP Bangalore Chapter Lead | null Community Manager*
>