This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP/Training/Threat Risk Modeling"
From OWASP
Sandra Paiva (talk | contribs) (Created page with '{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training Modules</noinclude> | Module_designation = Threat Risk Modelling | Module_Overvie…') |
Sandra Paiva (talk | contribs) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training Modules</noinclude> | {{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training Modules</noinclude> | ||
| − | | Module_designation = [[:Threat Risk Modeling|Threat Risk | + | | Module_designation = [[:Threat Risk Modeling|Threat Risk Modeling]] |
| Module_Overview_Goal = When you start a web application design, it is essential to apply threat risk modeling; otherwise you will squander resources, time, and money on useless controls that fail to focus on the real risks. | | Module_Overview_Goal = When you start a web application design, it is essential to apply threat risk modeling; otherwise you will squander resources, time, and money on useless controls that fail to focus on the real risks. | ||
| Line 18: | Line 18: | ||
| | ||
| Material = | | Material = | ||
| − | [http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project] | + | * [http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project (ASVS)] |
| − | [http://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Testing Guide V 3.0 - PDF] | + | * [http://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Testing Guide V 3.0 - PDF] |
| + | * [http://www.owasp.org/index.php/File:OWASP-BeNeLux_2010_ThreatModeling.pdf Threat Modelling Dec'10] | ||
}} | }} | ||
| + | |||
| + | |||
| + | |||
| + | [[Category:OWASP_Training|Training]] | ||
Latest revision as of 17:33, 20 December 2010
| MODULE | |
| Threat Risk Modeling | |
| Overview & Goal | |
| When you start a web application design, it is essential to apply threat risk modeling; otherwise you will squander resources, time, and money on useless controls that fail to focus on the real risks.
The method used to assess risk is not nearly as important as actually performing a structured threat risk modeling. Microsoft notes that the single most important factor in their security improvement program was the corporate adoption of threat risk modeling. | |
| Contents | Materials |
|
* OWASP Application Security Verification Standard Project (ASVS) |
