
OWASP/Training/Threat Risk Modeling

Revision as of 17:21, 23 November 2010 by Sandra Paiva (talk | contribs)

MODULE
Threat Risk Modeling
Overview & Goal
When you start a web application design, it is essential to apply threat risk modeling; otherwise you will squander resources, time, and money on useless controls that fail to focus on the real risks.

The method used to assess risk is not nearly as important as actually performing structured threat risk modeling. Microsoft notes that the single most important factor in their security improvement program was the corporate adoption of threat risk modeling.

Contents

  • Performing threat risk modeling using the Microsoft Threat Modeling Process
  • Identify Security Objectives
  • Application Overview
  • Decompose Application
  • Identify Threats
  • STRIDE
  • DREAD
  • Alternative Threat Modeling Systems

Materials

  • OWASP Application Security Verification Standard Project (ASVS)
  • OWASP Testing Guide V 3.0 - PDF