[Owasp-testing] [Owasp-codereview] TM in The OWASP News

Marco M. Morana marco.m.morana at gmail.com
Thu Jul 24 18:28:17 EDT 2008


Glad you liked it, Dave; looking forward to reading your article. Insecure Magazine
also pledges free advertisement to OWASP (via the banner), so overall it is very
good for our organization.

Regards

Marco

-----Original Message-----
From: davidrook [mailto:david.rook at realexpayments.com] 
Sent: Thursday, July 24, 2008 8:23 AM
To: Marco M. Morana
Cc: 'Alison McNamee'; Owasp-codereview at lists.owasp.org;
owasp-dotnet at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-codereview] TM in The OWASP News

Hey Marco,

I enjoyed the article, I'm a big fan of Threat Modeling! I'm writing an
article in the next edition of Insecure Magazine which focuses more on
an overall SDLC approach which of course mentions Threat Modeling and
OWASP resources.

Cheers,

Dave

Marco M. Morana wrote:
> Alison
>
>  
>
> I noticed there is a reference to Adam Shostack's MSDN threat modeling
> article on OWASP news.
>
>  
>
> I also wanted to bring to your attention the TM article I co-wrote on behalf
> of OWASP for Insecure Magazine:
>
> Security Flaws Identification and technical risk analysis through threat
> modeling (page 85)
>
> http://www.net-security.org/dl/insecure/INSECURE-Mag-17.pdf
>
>  
>
> The article covers how to implement threat modeling in organizations both as
> a technical risk analysis methodology and as a secure architectural review
> methodology. It covers how TM as an activity feeds other security activities
> in the SDLC. It also covers the different TM methodologies available today:
> OWASP, MS-TAM and Trike, as well as best practices for architects, testers
> and information security officers on how to use TM as part of the SDLC to
> both build and assess security into the applications independently from the
> TM methodology being adopted.
>
>  
>
> I appreciate comments and feedback.
>
>  
>
> Regards
>
>  
>
> Marco Morana
>
> OWASP Cincinnati Chapter Leader
>
> http://www.owasp.org/index.php/Cincinnati
>
> NYC OWASP Conference is the OWASP USA Event!
>
> http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
>

-- 
David Rook | david.rook at realexpayments.com
Security Analyst

Realex Payments
Enabling thousands of businesses to sell online.

Realex Payments, Dublin, www.realexpayments.com
Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538

Realex Payments, London, www.realexpayments.co.uk
1 Hammersmith Grove, London W6 0NB, England
Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264

Pay and Shop Limited, trading as Realex Payments has its registered office
at Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland and is
registered in Ireland, company number 324929.



