1 / 14

PART III Threat Modeling Demo & Practice

PART III Threat Modeling Demo & Practice. Threat Modeling Tools. Threat Modeling Analysis and Modeling (TAM) (Microsoft) Pros: Flexible, Build in Threat & Attack Library Cons: Not updated-supported, DFD require VISIO ™ installation SDL Threat Modeling (Microsoft)

mala
Download Presentation

PART III Threat Modeling Demo & Practice

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PART IIIThreat Modeling Demo & Practice

  2. Threat Modeling Tools • Threat Modeling Analysis and Modeling (TAM) (Microsoft) • Pros: Flexible, Build in Threat & Attack Library • Cons: Not updated-supported, DFD require VISIO ™ installation • SDL Threat Modeling (Microsoft) • Pros: Integrated with SDL, Plug-in in issue tracking, free • Cons: Use STRIDE/DREAD not even used my Microsoft  • Trike (open source) • Pros: Flexible, automatic threat generation • Cons: Not scalable, not maintained • PTA (commercial) • Pros: factor business impact of assets • Cons: User need to define threats, vulnerabilities and countermeasures Source : http://www.net-security.org/dl/insecure/INSECURE-Mag-17.pdf

  3. Threat Modeler Tool™ Demonstration • Threat Modeler live demo session with myAppSecurityInc (20 minutes) • Develop your threat model con threatModeler ™ with PASTA™ (30 minutes) https://www.youtube.com/watch?v=OZSjS8nu6kE

  4. Threat Modeling Example : Mobile Payment Application

  5. Define Requirements

  6. Application Functional Decomposition

  7. Security-Design Assertion

  8. Threat Analysis

  9. Threat –Controls-Vulnerability Analysis at Component Level

  10. Vulnerability Analysis

  11. Attack-Threat Tree Modeling

  12. Risk Analysis And Management

  13. Q & Q U E S T I O N S A N S W E R S

  14. Thanks for Your Attention Email me : Marco (dot) M (dot) Morana (at) Citi (dot) com Follow me on twitter:@threatmodeling Preorder the book “Application Threat Modeling Book, Wiley-Blackwell” on Amazon http://www.amazon.co.uk/Application-Threat-Modeling-Marco-Morana/dp/0470500964

More Related