[OWASP-Bangalore] Threat Modeling - Anyone working on it

Nilesh Patil npatil854 at gmail.com
Sun Jul 8 07:39:16 UTC 2018


Hi,

There is Microsoft Threat modeling tool -
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/security/azure-security-threat-modeling-tool.md

To start work community edition would be useful.
https://blogs.msdn.microsoft.com/secdevblog/2017/04/21/whats-new-with-microsoft-threat-modeling-tool-preview/

Regards,
Nilesh

On Sat, Jul 7, 2018 at 10:31 AM Abhay Bhargav <abhaybhargav at gmail.com>
wrote:

> I second Akash's recommendations.
>
> I'd also like to add the following:
>
>    - https://www.owasp.org/images/a/aa/AppSecEU2012_PASTA.pdf => PASTA
>    Threat Modeling Methodology
>    -
>    https://2017.appsec.eu/presos/CISO/Threat%20Modeling%20with%20PASTA%20-%20Risk%20Centric%20Application%20Threat%20Modeling%20Case%20Studies%20-%20Tony%20UcedaV%C3%A9lez%20-%20OWASP_AppSec-Eu_2017.pdf
>    => Similar Presentation on Threat Modeling
>    - I'd recommend some work done by Continuum Security as well.
>    - I have been extensively involved with both attack and defensive
>    threat modeling, specifically around automation and integrating it into
>    AGILE/SCRUM like environments. Here's an article:
>    https://medium.com/@abhaybhargav/a-gentle-introduction-to-abuser-stories-for-scrum-teams-90df52652a63
>       - A tool that we have authored (open source) that expounds and adds
>       on to these concepts, called ThreatPlaybook:
>       https://we45.gitbook.io/threatplaybook/
>
>
> On Fri, Jul 6, 2018 at 8:42 PM Akash <akashmahajan at gmail.com> wrote:
>
>> An excellent place to start with Threat Modelling is to look at
>>
>> https://www.reddit.com/r/threatmodeling/
>>
>> Adam Shostack (Author of the best book on Threat Modeling) himself is
>> part of the sub reddit.
>>
>> If you are looking at a light weigh way to get started with Data Flow
>> Diagrams consider using OWASP Threat Dragon to create those and enumerate
>> the risks.
>>
>> Also I am keenly awaiting more documentation or video from this
>> particular talk at the recently concluded OWASP Summit.
>>
>>
>> https://owaspsummit.org/Outcomes/Threat-Model/Threat-Modeling-Where-do-I-Start.html
>>
>>
>>
>> On 5 July 2018 at 08:48, cyber research <001.appsec.007 at gmail.com> wrote:
>>
>>> Hi Folks,
>>>
>>> Good Morning!
>>>
>>> Is there anyone working on *Threat Modeling* ?? If Yes could you please
>>> share/ help me with resources if any like example prototypes / blogs
>>> /tutorials etc..
>>>
>>> Could you please ping here then i will reach you in your availability.
>>>
>>> Thanks & Regards,
>>> [email protected]!001
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Bangalore mailing list
>>> OWASP-Bangalore at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>>> Twitter : @owaspbangalore
>>>
>>>
>>
>>
>> --
>> Warm regards,
>> Akash Mahajan
>>
>> *That Web Application Security Guy* | +91 99 805 271 82
>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>
>> _______________________________________________
>> OWASP-Bangalore mailing list
>> OWASP-Bangalore at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>> Twitter : @owaspbangalore
>>
>
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> Twitter : @owaspbangalore
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20180708/6936922b/attachment.html>


More information about the OWASP-Bangalore mailing list