OWASP SFL meeting - 1 talk + Discussion + Pizza
Wednesday, August 7th, 2019: 6:00 PM to 8:00 PM
August 4, 2019,
Volume 256, Issue 5

FAU - Boca Raton

Threat modeling is a fundamental activity for those designing, maintaining, or administering software systems. The way a threat is modeled has a big effect on how to handle it and several ways to do this modeling have been proposed.

A good model should lead into the systematic enumeration of the threats of a system. We look at several models, including DFDs, Misuse cases, Misuse patterns, Cyber Kill Chain (CKC), Attack Graphs, Attack Trees, and Attack/Defense Trees.

We then see methods to enumerate and classify threats, including STRIDE, Use cases and activities, Uzunov, and CORAS. Another aspect are catalogs of threats/vulnerabilities including CVE, CVSS, and CWE, OWASP. We end by considering CPS threats.

Hosted by Rohini Sulatycki from South Florida OWASP Chapter

Read More ...


    Other articles in the section of Volume 256, Issue 5:
    • OWASP SFL meeting - 1 talk + Discussion + Pizza (this article)

    See all archived articles in the section.