[Owasp-codereview] TM in The OWASP News

davidrook david.rook at realexpayments.com
Thu Jul 24 08:22:33 EDT 2008


Hey Marco,

I enjoyed the article, I'm a big fan of Threat Modeling! I'm writing an
article in the next edition of Insecure Magazine which focuses more on
an overall SDLC approach which of course mentions Threat Modeling and
OWASP resources.

Cheers,

Dave

Marco M. Morana wrote:
> Alison
>
> I noticed there is a reference to Adam Shostack's MSDN threat modeling
> article on OWASP news.
>
> I also wanted to bring to your attention the TM article I co-wrote on behalf
> of OWASP for Insecure Magazine:
>
> Security Flaws Identification and technical risk analysis through threat
> modeling (page 85)
>
> http://www.net-security.org/dl/insecure/INSECURE-Mag-17.pdf
>
> The article covers how to implement threat modeling in organizations both as
> a technical risk analysis methodology and as a secure architectural review
> methodology. It covers how TM as an activity feeds other security activities
> in the SDLC. It also covers different TM methodologies available today:
> OWASP, MS-TAM and Trike as well as best practices for architects, testers
> and information security officers on how to use TM as part of the SDLC to
> both build and assess security into the applications independently from the
> TM methodology being adopted.
>
> I appreciate comments and feedback.
>
> Regards
>
> Marco Morana
>
> OWASP Cincinnati Chapter Leader
>
> http://www.owasp.org/index.php/Cincinnati
>
> NYC OWASP Conference is the OWASP USA Event!
>
> http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference

-- 
David Rook | david.rook at realexpayments.com
Security Analyst

Realex Payments
Enabling thousands of businesses to sell online.

Realex Payments, Dublin, www.realexpayments.com
Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538

Realex Payments, London, www.realexpayments.co.uk
1 Hammersmith Grove, London W6 0NB, England
Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264
