[Owasp-codereview] TM in The OWASP News

Marco M. Morana marco.m.morana at gmail.com
Thu Jul 24 08:03:59 EDT 2008


Alison

 

I noticed there is a reference to the Adam Shostack's MSDN threat modeling
article on OWASP news.

 

I also wanted to put to your attention the TM article I co-wrote on behalf
on OWASP for Insecure Magazine:

Security Flaws Identification and technical risk analysis through threat
modeling (page 85)

http://www.net-security.org/dl/insecure/INSECURE-Mag-17.pdf

 

The article covers how to implement threat modeling in organizations both as
technical risk analysis methodology and as secure architectural review
methodology. It covers how to TM as activity feeds other security activities
in the SDLC. It also cover different TM methodologies available today:
OWASP, MS-TAM and Trike as well as best practices for architects, testers
and information security officers on how to use TM as part of the SDLC to
both build and assess security into the applications independently from the
TM methodology being adopted.

 

I appreciate comments and feedback.

 

Regards

 

Marco Morana

OWASP Cincinnati Chapter Leader

 <http://www.owasp.org/index.php/Cincinnati>
http://www.owasp.org/index.php/Cincinnati

NYC OWASP Conference is the OWASP USA Event!

http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-codereview/attachments/20080724/92f2ca74/attachment.html 


More information about the Owasp-codereview mailing list