This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Summit 2011 Working Sessions/Session099

From OWASP
Revision as of 23:49, 7 February 2011 by Alexandre Miguel Aniceto (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Global Summit 2011 Home Page
Global Summit 2011 Tracks

WS. individual projects.jpg Threat Modeling
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description Discussion on various components of threat modeling, threat modeling methodologies and their challenges.
Related Projects (if any)


Email Contacts & Roles Chair
Anurag Agarwal @

Operational Manager
Mailing list
{{{mailing_list}}}
WORKING SESSION SPECIFICS
Objectives
  1. Reviewing existing methodologies and their pros and cons
  2. Assigning business impacts to threats
  3. Assigning technical impacts to threats
  4. Threat Rating System.
  5. Can we bring attack trees into main stream threat modeling methodology?

Venue/Date&Time/Model Venue/Room
OWASP Global Summit Portugal 2011
Date & Time


Discussion Model
participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

A document with a public recommendation on the use of threat modeling

After the Board Meeting - fill in here.

An OWASP standard defining what a threat model is.

After the Board Meeting - fill in here.

An OWASP standard defining a workflow for creating and maintaining a threat model.

After the Board Meeting - fill in here.

A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

Working Session Participants

(Add you name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
Matthew Chalmers @
ralogo_web.gif

Colin Watson


Mateo Martinez @


Dinis Cruz @


Jim Manico @


Neil Matatall @


Christian Martorella @


Steven van der Baan @


Nishi Kumar @


Cecil Su @


Antonio Fontes @


Sherif Koussa @
Software Secured

Matthias Rohr @
SEC Consult

Vishal Garg @
AppSecure Labs

Matteo Meucci @


Seba Deleersnyder @
SAIT Zenitel

Tony UcedaVelez @
VerSprite

L. Gustavo C. Barbato @
Dell

Edward Bonver @
Symantec

Ofer Maor @