This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Summit 2011 Working Sessions/Session099"
From OWASP
| (27 intermediate revisions by 20 users not shown) | |||
| Line 2: | Line 2: | ||
|- | |- | ||
| − | | summit_session_attendee_name1 = | + | | summit_session_attendee_name1 = Matthew Chalmers |
| − | | summit_session_attendee_email1 = | + | | summit_session_attendee_email1 = [email protected] |
| − | | summit_session_attendee_company1= | + | | summit_session_attendee_username1 = |
| + | | summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif] | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= | ||
| − | | summit_session_attendee_name2 = | + | | summit_session_attendee_name2 = Colin Watson |
| summit_session_attendee_email2 = | | summit_session_attendee_email2 = | ||
| + | | summit_session_attendee_username2 = | ||
| summit_session_attendee_company2= | | summit_session_attendee_company2= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= | ||
| − | | summit_session_attendee_name3 = | + | | summit_session_attendee_name3 = Mateo Martinez |
| − | | summit_session_attendee_email3 = | + | | summit_session_attendee_email3 = [email protected] |
| + | | summit_session_attendee_username3 = | ||
| summit_session_attendee_company3= | | summit_session_attendee_company3= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= | ||
| − | | summit_session_attendee_name4 = | + | | summit_session_attendee_name4 = Dinis Cruz |
| − | | summit_session_attendee_email4 = | + | | summit_session_attendee_email4 = [email protected] |
| + | | summit_session_attendee_username4 = | ||
| summit_session_attendee_company4= | | summit_session_attendee_company4= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= | ||
| − | | summit_session_attendee_name5 = | + | | summit_session_attendee_name5 = Jim Manico |
| − | | summit_session_attendee_email5 = | + | | summit_session_attendee_email5 = [email protected] |
| + | | summit_session_attendee_username5 = | ||
| summit_session_attendee_company5= | | summit_session_attendee_company5= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= | ||
| − | | summit_session_attendee_name6 = | + | | summit_session_attendee_name6 = Neil Matatall |
| − | | summit_session_attendee_email6 = | + | | summit_session_attendee_email6 = [email protected] |
| + | | summit_session_attendee_username6 = | ||
| summit_session_attendee_company6= | | summit_session_attendee_company6= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6= | ||
| − | | summit_session_attendee_name7 = | + | | summit_session_attendee_name7 = Christian Martorella |
| − | | summit_session_attendee_email7 = | + | | summit_session_attendee_email7 = [email protected] |
| + | | summit_session_attendee_username7 = | ||
| summit_session_attendee_company7= | | summit_session_attendee_company7= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7= | ||
| − | | summit_session_attendee_name8 = | + | | summit_session_attendee_name8 = Steven van der Baan |
| − | | summit_session_attendee_email8 = | + | | summit_session_attendee_email8 = [email protected] |
| + | | summit_session_attendee_username8 = | ||
| summit_session_attendee_company8= | | summit_session_attendee_company8= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8= | ||
| − | | summit_session_attendee_name9 = | + | | summit_session_attendee_name9 = Nishi Kumar |
| − | | summit_session_attendee_email9 = | + | | summit_session_attendee_email9 = [email protected] |
| + | | summit_session_attendee_username9 = | ||
| summit_session_attendee_company9= | | summit_session_attendee_company9= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9= | ||
| − | | summit_session_attendee_name10 = | + | | summit_session_attendee_name10 = Cecil Su |
| − | | summit_session_attendee_email10 = | + | | summit_session_attendee_email10 = [email protected] |
| + | | summit_session_attendee_username10 = | ||
| summit_session_attendee_company10= | | summit_session_attendee_company10= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10= | ||
| − | | summit_session_attendee_name11 = | + | | summit_session_attendee_name11 = Antonio Fontes |
| − | | summit_session_attendee_email11 = | + | | summit_session_attendee_email11 = [email protected] |
| + | | summit_session_attendee_username11 = | ||
| summit_session_attendee_company11= | | summit_session_attendee_company11= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11= | ||
| − | | summit_session_attendee_name12 = | + | | summit_session_attendee_name12 = Sherif Koussa |
| − | | summit_session_attendee_email12 = | + | | summit_session_attendee_email12 = [email protected] |
| − | | summit_session_attendee_company12= | + | | summit_session_attendee_username12 = |
| + | | summit_session_attendee_company12= Software Secured | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12= | ||
| − | | summit_session_attendee_name13 = | + | | summit_session_attendee_name13 = Matthias Rohr |
| − | | summit_session_attendee_email13 = | + | | summit_session_attendee_email13 = [email protected] |
| − | | summit_session_attendee_company13= | + | | summit_session_attendee_username13 = |
| + | | summit_session_attendee_company13= SEC Consult | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13= | ||
| − | | summit_session_attendee_name14 = | + | | summit_session_attendee_name14 = Vishal Garg |
| − | | summit_session_attendee_email14 = | + | | summit_session_attendee_email14 = [email protected] |
| − | | summit_session_attendee_company14= | + | | summit_session_attendee_username14 = |
| + | | summit_session_attendee_company14= AppSecure Labs | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= | ||
| − | | summit_session_attendee_name15 = | + | | summit_session_attendee_name15 = Matteo Meucci |
| − | | summit_session_attendee_email15 = | + | | summit_session_attendee_email15 = [email protected] |
| + | | summit_session_attendee_username15 = | ||
| summit_session_attendee_company15= | | summit_session_attendee_company15= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15= | ||
| − | | summit_session_attendee_name16 = | + | | summit_session_attendee_name16 = Seba Deleersnyder |
| − | | summit_session_attendee_email16 = | + | | summit_session_attendee_email16 = [email protected] |
| − | | summit_session_attendee_company16= | + | | summit_session_attendee_username16 = |
| + | | summit_session_attendee_company16= SAIT Zenitel | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16= | ||
| − | | summit_session_attendee_name17 = | + | | summit_session_attendee_name17 = Tony UcedaVelez |
| − | | summit_session_attendee_email17 = | + | | summit_session_attendee_email17 = [email protected] |
| − | | summit_session_attendee_company17= | + | | summit_session_attendee_username17 = Tony UcedaVelez |
| + | | summit_session_attendee_company17= VerSprite | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17= | ||
| − | | summit_session_attendee_name18 = | + | | summit_session_attendee_name18 = L. Gustavo C. Barbato |
| − | | summit_session_attendee_email18 = | + | | summit_session_attendee_email18 = [email protected] |
| − | | summit_session_attendee_company18= | + | | summit_session_attendee_username18 = Gustavo Barbato |
| + | | summit_session_attendee_company18= Dell | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18= | ||
| − | | summit_session_attendee_name19 = | + | | summit_session_attendee_name19 = Edward Bonver |
| − | | summit_session_attendee_email19 = | + | | summit_session_attendee_email19 = [email protected] |
| − | | summit_session_attendee_company19= | + | | summit_session_attendee_username19 = Edward Bonver |
| + | | summit_session_attendee_company19= Symantec | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19= | ||
| − | | summit_session_attendee_name20 = | + | | summit_session_attendee_name20 = Ofer Maor |
| − | | summit_session_attendee_email20 = | + | | summit_session_attendee_email20 = [email protected] |
| + | | summit_session_attendee_username20 = | ||
| summit_session_attendee_company20= | | summit_session_attendee_company20= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20= | ||
| + | |||
| + | | summit_session_attendee_name21 = Wojciech Dworakowski | ||
| + | | summit_session_attendee_email21 = [email protected] | ||
| + | | summit_session_attendee_username21 = Wojciech Dworakowski | ||
| + | | summit_session_attendee_company21= SecuRing | ||
| + | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed21= | ||
| + | |||
| + | | summit_session_attendee_name22 = Alexandre Miguel Aniceto | ||
| + | | summit_session_attendee_email22 = [email protected] | ||
| + | | summit_session_attendee_username22 = Alexandre Miguel Aniceto | ||
| + | | summit_session_attendee_company22= Willway | ||
| + | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed22= | ||
| + | |||
|- | |- | ||
| − | | summit_track_logo = | + | | summit_track_logo = [[Image:T._individual_projects.jpg]] |
| − | | summit_ws_logo = | + | | summit_ws_logo = [[Image:WS._individual_projects.jpg]] |
| − | | summit_session_name = Threat Modeling | + | | summit_session_name = Threat Modeling |
| − | | summit_session_url = | + | | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099 |
|- | |- | ||
| − | | short_working_session_description= | + | | short_working_session_description=Discussion on various components of threat modeling, threat modeling methodologies and their challenges. |
|- | |- | ||
| − | | related_project_name1 = | + | | related_project_name1 = Threat Modeling |
| related_project_url_1 = | | related_project_url_1 = | ||
| Line 130: | Line 163: | ||
|- | |- | ||
| − | | summit_session_objective_name1= | + | | summit_session_objective_name1= Reviewing existing methodologies and their pros and cons |
| − | | summit_session_objective_name2 = | + | | summit_session_objective_name2 = Assigning business impacts to threats |
| − | | summit_session_objective_name3 = | + | | summit_session_objective_name3 = Assigning technical impacts to threats |
| − | | summit_session_objective_name4 = | + | | summit_session_objective_name4 = Threat Rating System. |
| − | | summit_session_objective_name5 = | + | | summit_session_objective_name5 = Can we bring attack trees into main stream threat modeling methodology? |
| + | |||
| + | | summit_session_objective_name6 = Can we use metrics to promote threat modeling? | ||
|- | |- | ||
| Line 158: | Line 193: | ||
|- | |- | ||
| − | |summit_session_deliverable_name1 = | + | |summit_session_deliverable_name1 = A document with a public recommendation on the use of threat modeling |
| − | | | + | |summit_session_deliverable_name2 = An OWASP standard defining what a threat model is. |
| − | | | + | |summit_session_deliverable_name3 = An OWASP standard defining a workflow for creating and maintaining a threat model. |
| − | |||
| − | | | + | |summit_session_deliverable_name4 = A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent. |
| − | |||
| − | | | + | |summit_session_deliverable_name5 = |
| − | |||
| − | | | + | |summit_session_deliverable_name6 = |
| − | | | + | |
| + | |summit_session_deliverable_name7 = | ||
| + | |summit_session_deliverable_name8 = | ||
|- | |- | ||
| Line 181: | Line 215: | ||
| summit_session_leader_name2 = | | summit_session_leader_name2 = | ||
| summit_session_leader_email2 = | | summit_session_leader_email2 = | ||
| + | | summit_session_leader_username2 = | ||
| summit_session_leader_name3 = | | summit_session_leader_name3 = | ||
| summit_session_leader_email3 = | | summit_session_leader_email3 = | ||
| + | | summit_session_leader_username3 = | ||
|- | |- | ||
| Line 189: | Line 225: | ||
| operational_leader_name1 = | | operational_leader_name1 = | ||
| operational_leader_email1 = | | operational_leader_email1 = | ||
| + | | operational_leader_username1 = | ||
|- | |- | ||
Latest revision as of 23:49, 7 February 2011
Global Summit 2011 Home Page
Global Summit 2011 Tracks
 Threat Modeling
| ||||||
|---|---|---|---|---|---|---|
| Please see/use the 'discussion' page for more details about this Working Session | ||||||
| Working Sessions Operational Rules - Please see here the general frame of rules. |
| WORKING SESSION IDENTIFICATION | ||||||
|---|---|---|---|---|---|---|
| Short Work Session Description | Discussion on various components of threat modeling, threat modeling methodologies and their challenges. | |||||
| Related Projects (if any) |
| |||||
| Email Contacts & Roles | Chair Anurag Agarwal @ |
Operational Manager |
Mailing list {{{mailing_list}}} | |||
| WORKING SESSION SPECIFICS | ||||||
|---|---|---|---|---|---|---|
| Objectives |
| |||||
| Venue/Date&Time/Model | Venue/Room OWASP Global Summit Portugal 2011 |
Date & Time
|
Discussion Model participants and attendees | |||
| |
|---|
| WORKING SESSION OPERATIONAL RESOURCES | ||||||
|---|---|---|---|---|---|---|
| Projector, whiteboards, markers, Internet connectivity, power | ||||||
| |
|---|
| WORKING SESSION ADDITIONAL DETAILS | ||||||
|---|---|---|---|---|---|---|
| WORKING SESSION OUTCOMES / DELIVERABLES | ||
|---|---|---|
| Proposed by Working Group | Approved by OWASP Board | |
|
A document with a public recommendation on the use of threat modeling |
After the Board Meeting - fill in here. | |
| After the Board Meeting - fill in here. | ||
|
An OWASP standard defining a workflow for creating and maintaining a threat model. |
After the Board Meeting - fill in here. | |
| After the Board Meeting - fill in here. | ||
| After the Board Meeting - fill in here. | ||
| After the Board Meeting - fill in here. | ||
| After the Board Meeting - fill in here. | ||
| After the Board Meeting - fill in here. | ||
Working Session Participants
(Add you name by clicking "edit" on the tab on the upper left side of this page)
| WORKING SESSION PARTICIPANTS | ||||||
|---|---|---|---|---|---|---|
| Name | Company | Notes & reason for participating, issues to be discussed/addressed | ||||
| Matthew Chalmers @ |
 |
| ||||
| Colin Watson |
| |||||
| Mateo Martinez @ |
| |||||
| Dinis Cruz @ |
| |||||
| Jim Manico @ |
| |||||
| Neil Matatall @ |
| |||||
| Christian Martorella @ |
| |||||
| Steven van der Baan @ |
| |||||
| Nishi Kumar @ |
| |||||
| Cecil Su @ |
| |||||
| Antonio Fontes @ |
| |||||
| Sherif Koussa @ |
Software Secured |
| ||||
| Matthias Rohr @ |
SEC Consult |
| ||||
| Vishal Garg @ |
AppSecure Labs |
| ||||
| Matteo Meucci @ |
| |||||
| Seba Deleersnyder @ |
SAIT Zenitel |
| ||||
| Tony UcedaVelez @ |
VerSprite |
| ||||
| L. Gustavo C. Barbato @ |
Dell |
| ||||
| Edward Bonver @ |
Symantec |
| ||||
| Ofer Maor @ |
| |||||
