OWASP SFL meeting - 1 talk + Discussion + Pizza
Wednesday, August 7th, 2019: 6:00 PM to 8:00 PM
August 4, 2019,
Volume 256, Issue 5

FAU - Boca Raton

Threat modeling is a fundamental activity for those designing, maintaining, or administering software systems. The way a threat is modeled has a big effect on how to handle it and several ways to do this modeling have been proposed.

A good model should lead into the systematic enumeration of the threats of a system. We look at several models, including DFDs, Misuse cases, Misuse patterns, Cyber Kill Chain (CKC), Attack Graphs, Attack Trees, and Attack/Defense Trees.

We then see methods to enumerate and classify threats, including STRIDE, Use cases and activities, Uzunov, and CORAS. Another aspect are catalogs of threats/vulnerabilities including CVE, CVSS, and CWE, OWASP. We end by considering CPS threats.

Hosted by Rohini Sulatycki from South Florida OWASP Chapter

Read More ...

Keywords:

     
    Other articles in the section of Volume 256, Issue 5:
    • OWASP SFL meeting - 1 talk + Discussion + Pizza (this article)

    See all archived articles in the section.