OWASP/Training/Threat Risk Modeling - Revision history

Sandra Paiva at 17:33, 20 December 2010

2010-12-20T17:33:58Z

Sandra Paiva at 17:21, 23 November 2010

2010-11-23T17:21:34Z

Sandra Paiva at 19:33, 12 November 2010

2010-11-12T19:33:38Z

Sandra Paiva at 17:47, 12 November 2010

2010-11-12T17:47:34Z

Sandra Paiva: Created page with '{{Template:{{{1}}}OWASP Training Modules | Module_designation = Threat Risk Modelling | Module_Overvie…'

2010-11-12T17:13:45Z

Created page with '{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training Modules</noinclude> | Module_designation = Threat Risk Modelling | Module_Overvie…'

New page

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training Modules</noinclude>
| Module_designation = [[:Threat Risk Modeling|Threat Risk Modelling]]
| Module_Overview_Goal = When you start a web application design, it is essential to apply threat risk modeling; otherwise you will squander resources, time, and money on useless controls that fail to focus on the real risks.

The method used to assess risk is not nearly as important as actually performing a structured threat risk modeling. Microsoft notes that the single most important factor in their security improvement program was the corporate adoption of threat risk modeling.

| Content =  
* Performing threat risk modeling using the Microsoft Threat Modeling Process 
* Identify Security Objectives 
* Application Overview 
* Decompose Application 
* Identify Threats 
* STRIDE 
* DREAD 
* Alternative Threat Modeling Systems 

 
| Material =
[http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project]
[http://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Testing Guide V 3.0 - PDF]

}}

@@ Line 18: / Line 18: @@
 &nbsp;
 | Material =
-[http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project (ASVS)]
+* [http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project (ASVS)]
-[http://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Testing Guide V 3.0 - PDF]
+* [http://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Testing Guide V 3.0 - PDF]
 }}

← Older revision		Revision as of 17:21, 23 November 2010
Line 22:		Line 22:

	}}		}}
		+
		+
		+
		+	[[Category:OWASP_Training\|Training]]

@@ Line 1: / Line 1: @@
 {{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training Modules</noinclude>
-| Module_designation = [[:Threat Risk Modeling|Threat Risk Modelling]]
+| Module_designation = [[:Threat Risk Modeling|Threat Risk Modeling]]
 | Module_Overview_Goal = When you start a web application design, it is essential to apply threat risk modeling; otherwise you will squander resources, time, and money on useless controls that fail to focus on the real risks.