
Difference between revisions of "Summit 2011 Working Sessions/Session099"

From OWASP
 
(21 intermediate revisions by 19 users not shown)
Line 4: Line 4:
 
| summit_session_attendee_name1 = Matthew Chalmers
 
| summit_session_attendee_name1 = Matthew Chalmers
 
| summit_session_attendee_email1 = [email protected]
 
| summit_session_attendee_email1 = [email protected]
 +
| summit_session_attendee_username1 =
 
| summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
 
| summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=
  
 
| summit_session_attendee_name2 = Colin Watson
 
| summit_session_attendee_name2 = Colin Watson
| summit_session_attendee_email2 = [email protected]
+
| summit_session_attendee_email2 =  
 +
| summit_session_attendee_username2 =
 
| summit_session_attendee_company2=
 
| summit_session_attendee_company2=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=
Line 14: Line 16:
 
| summit_session_attendee_name3 = Mateo Martinez
 
| summit_session_attendee_name3 = Mateo Martinez
 
| summit_session_attendee_email3 = [email protected]
 
| summit_session_attendee_email3 = [email protected]
 +
| summit_session_attendee_username3 =
 
| summit_session_attendee_company3=
 
| summit_session_attendee_company3=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=
  
| summit_session_attendee_name4 =  
+
| summit_session_attendee_name4 = Dinis Cruz
| summit_session_attendee_email4 =  
+
| summit_session_attendee_email4 = [email protected]
 +
| summit_session_attendee_username4 =  
 
| summit_session_attendee_company4=
 
| summit_session_attendee_company4=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=
  
| summit_session_attendee_name5 =  
+
| summit_session_attendee_name5 = Jim Manico
| summit_session_attendee_email5 =  
+
| summit_session_attendee_email5 = [email protected]
 +
| summit_session_attendee_username5 =  
 
| summit_session_attendee_company5=
 
| summit_session_attendee_company5=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=
  
| summit_session_attendee_name6 =  
+
| summit_session_attendee_name6 = Neil Matatall
| summit_session_attendee_email6 =  
+
| summit_session_attendee_email6 = [email protected]
 +
| summit_session_attendee_username6 =  
 
| summit_session_attendee_company6=
 
| summit_session_attendee_company6=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=
  
| summit_session_attendee_name7 =  
+
| summit_session_attendee_name7 = Christian Martorella
| summit_session_attendee_email7 =  
+
| summit_session_attendee_email7 = [email protected]
 +
| summit_session_attendee_username7 =  
 
| summit_session_attendee_company7=
 
| summit_session_attendee_company7=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=
  
| summit_session_attendee_name8 =  
+
| summit_session_attendee_name8 = Steven van der Baan
| summit_session_attendee_email8 =  
+
| summit_session_attendee_email8 = [email protected]
 +
| summit_session_attendee_username8 =  
 
| summit_session_attendee_company8=
 
| summit_session_attendee_company8=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=
  
| summit_session_attendee_name9 =  
+
| summit_session_attendee_name9 = Nishi Kumar
| summit_session_attendee_email9 =  
+
| summit_session_attendee_email9 = [email protected]
 +
| summit_session_attendee_username9 =  
 
| summit_session_attendee_company9=
 
| summit_session_attendee_company9=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=
  
| summit_session_attendee_name10 =  
+
| summit_session_attendee_name10 = Cecil Su
| summit_session_attendee_email10 =  
+
| summit_session_attendee_email10 = [email protected]
 +
| summit_session_attendee_username10 =  
 
| summit_session_attendee_company10=
 
| summit_session_attendee_company10=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=
  
| summit_session_attendee_name11 =  
+
| summit_session_attendee_name11 = Antonio Fontes
| summit_session_attendee_email11 =  
+
| summit_session_attendee_email11 = [email protected]
 +
| summit_session_attendee_username11 =  
 
| summit_session_attendee_company11=
 
| summit_session_attendee_company11=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=
  
| summit_session_attendee_name12 =  
+
| summit_session_attendee_name12 = Sherif Koussa
| summit_session_attendee_email12 =  
+
| summit_session_attendee_email12 = [email protected]
| summit_session_attendee_company12=
+
| summit_session_attendee_username12 =  
 +
| summit_session_attendee_company12= Software Secured
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=
  
| summit_session_attendee_name13 =  
+
| summit_session_attendee_name13 = Matthias Rohr
| summit_session_attendee_email13 =  
+
| summit_session_attendee_email13 = [email protected]
| summit_session_attendee_company13=
+
| summit_session_attendee_username13 =  
 +
| summit_session_attendee_company13= SEC Consult
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=
  
| summit_session_attendee_name14 =  
+
| summit_session_attendee_name14 = Vishal Garg
| summit_session_attendee_email14 =  
+
| summit_session_attendee_email14 = [email protected]
| summit_session_attendee_company14=
+
| summit_session_attendee_username14 =  
 +
| summit_session_attendee_company14= AppSecure Labs
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=  
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=  
  
| summit_session_attendee_name15 =  
+
| summit_session_attendee_name15 = Matteo Meucci
| summit_session_attendee_email15 =  
+
| summit_session_attendee_email15 = [email protected]
 +
| summit_session_attendee_username15 =  
 
| summit_session_attendee_company15=
 
| summit_session_attendee_company15=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=
  
| summit_session_attendee_name16 =  
+
| summit_session_attendee_name16 = Seba Deleersnyder
| summit_session_attendee_email16 =  
+
| summit_session_attendee_email16 = [email protected]
| summit_session_attendee_company16=
+
| summit_session_attendee_username16 =  
 +
| summit_session_attendee_company16= SAIT Zenitel
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=
  
| summit_session_attendee_name17 =  
+
| summit_session_attendee_name17 = Tony UcedaVelez
| summit_session_attendee_email17 =  
+
| summit_session_attendee_email17 = [email protected]
| summit_session_attendee_company17=
+
| summit_session_attendee_username17 = Tony UcedaVelez
 +
| summit_session_attendee_company17= VerSprite
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=
  
| summit_session_attendee_name18 =  
+
| summit_session_attendee_name18 = L. Gustavo C. Barbato
| summit_session_attendee_email18 =  
+
| summit_session_attendee_email18 = [email protected]
| summit_session_attendee_company18=
+
| summit_session_attendee_username18 = Gustavo Barbato
 +
| summit_session_attendee_company18= Dell
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=
  
| summit_session_attendee_name19 =  
+
| summit_session_attendee_name19 = Edward Bonver
| summit_session_attendee_email19 =  
+
| summit_session_attendee_email19 = [email protected]
| summit_session_attendee_company19=
+
| summit_session_attendee_username19 = Edward Bonver
 +
| summit_session_attendee_company19= Symantec
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=
  
| summit_session_attendee_name20 =  
+
| summit_session_attendee_name20 = Ofer Maor
| summit_session_attendee_email20 =  
+
| summit_session_attendee_email20 = [email protected]
 +
| summit_session_attendee_username20 =  
 
| summit_session_attendee_company20=
 
| summit_session_attendee_company20=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
 +
 +
| summit_session_attendee_name21 = Wojciech Dworakowski
 +
| summit_session_attendee_email21 = [email protected]
 +
| summit_session_attendee_username21 = Wojciech Dworakowski
 +
| summit_session_attendee_company21= SecuRing
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed21=
 +
 +
| summit_session_attendee_name22 = Alexandre Miguel Aniceto
 +
| summit_session_attendee_email22 = [email protected]
 +
| summit_session_attendee_username22 = Alexandre Miguel Aniceto
 +
| summit_session_attendee_company22= Willway
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed22=
 +
 
|-
 
|-
 
| summit_track_logo = [[Image:T._individual_projects.jpg]]
 
| summit_track_logo = [[Image:T._individual_projects.jpg]]
Line 109: Line 142:
 
|-
 
|-
  
| short_working_session_description=Discuss on various components of threat modeling. Various threat modeling methodologies and their challenges. This is a new idea and will have more details coming soon. If you have an idea to discuss, please email Anurag Agarwal at [email protected]
+
| short_working_session_description=Discussion on various components of threat modeling, threat modeling methodologies and their challenges.  
  
 
|-
 
|-
Line 130: Line 163:
 
|-
 
|-
  
| summit_session_objective_name1= Discuss on various components of threat modeling
+
| summit_session_objective_name1= Reviewing existing methodologies and their pros and cons
  
| summit_session_objective_name2 = Various threat modeling methodologies and their challenges
+
| summit_session_objective_name2 = Assigning business impacts to threats
  
| summit_session_objective_name3 = If you have an idea to discuss, please email Anurag Agarwal at [email protected]
+
| summit_session_objective_name3 = Assigning technical impacts to threats
  
| summit_session_objective_name4 =  
+
| summit_session_objective_name4 = Threat Rating System.
  
| summit_session_objective_name5 =
+
| summit_session_objective_name5 = Can we bring attack trees into main stream threat modeling methodology?
 +
 
 +
| summit_session_objective_name6 = Can we use metrics to promote threat modeling?
  
 
|-
 
|-
Line 158: Line 193:
 
|-
 
|-
  
|summit_session_deliverable_name1 = Existing threat modeling methodologies and their pros and cons
+
|summit_session_deliverable_name1 = A document with a public recommendation on the use of threat modeling
|summit_session_deliverable_url_1 =  
+
|summit_session_deliverable_name2 = An OWASP standard defining what a threat model is.
  
|summit_session_deliverable_name2 = Various components of threat modeling methodology
+
|summit_session_deliverable_name3 = An OWASP standard defining a workflow for creating and maintaining a threat model.
|summit_session_deliverable_url_2 =
 
  
|summit_session_deliverable_name3 =
+
|summit_session_deliverable_name4 = A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.
|summit_session_deliverable_url_3 =  
 
  
|summit_session_deliverable_name4 =
+
|summit_session_deliverable_name5 =  
|summit_session_deliverable_url_4 =  
 
  
|summit_session_deliverable_name5 =  
+
|summit_session_deliverable_name6 =  
|summit_session_deliverable_url_5 =  
+
 
 +
|summit_session_deliverable_name7 =  
  
 +
|summit_session_deliverable_name8 =
  
 
|-
 
|-
Line 181: Line 215:
 
| summit_session_leader_name2 =  
 
| summit_session_leader_name2 =  
 
| summit_session_leader_email2 =  
 
| summit_session_leader_email2 =  
 +
| summit_session_leader_username2 =
  
 
| summit_session_leader_name3 =  
 
| summit_session_leader_name3 =  
 
| summit_session_leader_email3 =  
 
| summit_session_leader_email3 =  
 +
| summit_session_leader_username3 =
  
 
|-
 
|-
Line 189: Line 225:
 
| operational_leader_name1 =
 
| operational_leader_name1 =
 
| operational_leader_email1 =
 
| operational_leader_email1 =
 +
| operational_leader_username1 =
  
 
|-
 
|-

Latest revision as of 23:49, 7 February 2011


Threat Modeling
WORKING SESSION IDENTIFICATION
Short Work Session Description: Discussion on various components of threat modeling, threat modeling methodologies and their challenges.
Related Projects (if any)


Email Contacts & Roles
Chair: Anurag Agarwal
Operational Manager:
Mailing list:
WORKING SESSION SPECIFICS
Objectives
  1. Reviewing existing methodologies and their pros and cons
  2. Assigning business impacts to threats
  3. Assigning technical impacts to threats
  4. Threat Rating System.
  5. Can we bring attack trees into mainstream threat modeling methodology?

Venue/Date&Time/Model
Venue/Room: OWASP Global Summit Portugal 2011
Date & Time:
Discussion Model: participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

A document with a public recommendation on the use of threat modeling

After the Board Meeting - fill in here.

An OWASP standard defining what a threat model is.

After the Board Meeting - fill in here.

An OWASP standard defining a workflow for creating and maintaining a threat model.

After the Board Meeting - fill in here.

A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.

After the Board Meeting - fill in here.


WORKING SESSION PARTICIPANTS
Name | Company | Notes & reason for participating, issues to be discussed/addressed
Matthew Chalmers | Rockwell Automation |
Colin Watson | |
Mateo Martinez | |
Dinis Cruz | |
Jim Manico | |
Neil Matatall | |
Christian Martorella | |
Steven van der Baan | |
Nishi Kumar | |
Cecil Su | |
Antonio Fontes | |
Sherif Koussa | Software Secured |
Matthias Rohr | SEC Consult |
Vishal Garg | AppSecure Labs |
Matteo Meucci | |
Seba Deleersnyder | SAIT Zenitel |
Tony UcedaVelez | VerSprite |
L. Gustavo C. Barbato | Dell |
Edward Bonver | Symantec |
Ofer Maor | |