Making threat modeling so easy

•Télécharger en tant que PPTX, PDF•

3 j'aime•1,185 vues

The amazing presentation from Michael Howard that was hard to find at it's original location With permission from Michael https://twitter.com/michael_howard/status/724990374834360320

Logiciels

††Spoofing, Tampering, Repudiation, Information Disclosure,
Denial of Service, Elevation of Priv
† Data Flow Diagrams

http://caniuse.com/#search=hsts
https://developer.mozilla.org/en-US/docs/web/Security/HTTP_strict_transport_security

https://www.nartac.com/Products/IISCrypto/Default.aspx

S
STRIDE
STRIDE
TI TI
TI
TI
TI
TI
TI
TI
THIS IS YOUR
THREAT MODEL!

Recommandé

OWASP Melbourne - Introduction to iOS Application Penetration Testingeightbit

Real World Application Threat Modelling By ExampleNCC Group

A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...ufpb

Information Security Concepts.pdfSameeraSarathchandra1

Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan

Hacking and Defending APIs - Red and Blue make Purple.pdfMatt Tesauro

Penetration testing reporting and methodologyRashad Aliyev

Python-Assisted Red-Teaming OperationSatria Ady Pradana

Recommandé

OWASP Melbourne - Introduction to iOS Application Penetration Testingeightbit

Real World Application Threat Modelling By ExampleNCC Group

A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...ufpb

Information Security Concepts.pdfSameeraSarathchandra1

Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan

Hacking and Defending APIs - Red and Blue make Purple.pdfMatt Tesauro

Penetration testing reporting and methodologyRashad Aliyev

Python-Assisted Red-Teaming OperationSatria Ady Pradana

Black Hat 2015 Arsenal: Noriben Malware AnalysisBrian Baskin

Fundamentals of Network securityAPNIC

Threat Modeling workshop by Robert HurlbutDevSecCon

Oscp preparationManich Koomsusi

OWASP Top 10 Web Application VulnerabilitiesSoftware Guru

Social EngineeringCyber Agency

Social engineeringMaulik Kotak

Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer

Ch 10: Hacking Web ServersSam Bowne

Sécurité informatique : le Retour sur Investissement que vous n'attendiez pasMaxime ALAY-EDDINE

Social EngineeringWilliam Gregorian

E Commerce securityMayank Kashyap

Secure Coding for JavaSébastien GIORIA

Introduction to red team operationsSunny Neo

Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK

Social engineering by-rakesh-nagekarRaghunath G

7 Steps to Threat ModelingDanny Wong

Social engineeringRobert Hood

Presentation of Social Engineering - The Art of Human Hackingmsaksida

Threat Modeling Using STRIDEGirindro Pringgo Digdo

SC conference - Building AppSec TeamsDinis Cruz

SecDevOps Risk Workflow - v0.6Dinis Cruz

Contenu connexe

Tendances

Black Hat 2015 Arsenal: Noriben Malware AnalysisBrian Baskin

Fundamentals of Network securityAPNIC

Threat Modeling workshop by Robert HurlbutDevSecCon

Oscp preparationManich Koomsusi

OWASP Top 10 Web Application VulnerabilitiesSoftware Guru

Social EngineeringCyber Agency

Social engineeringMaulik Kotak

Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer

Ch 10: Hacking Web ServersSam Bowne

Sécurité informatique : le Retour sur Investissement que vous n'attendiez pasMaxime ALAY-EDDINE

Social EngineeringWilliam Gregorian

E Commerce securityMayank Kashyap

Secure Coding for JavaSébastien GIORIA

Introduction to red team operationsSunny Neo

Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK

Social engineering by-rakesh-nagekarRaghunath G

7 Steps to Threat ModelingDanny Wong

Social engineeringRobert Hood

Presentation of Social Engineering - The Art of Human Hackingmsaksida

Threat Modeling Using STRIDEGirindro Pringgo Digdo

Tendances (20)

Black Hat 2015 Arsenal: Noriben Malware Analysis

Fundamentals of Network security

Threat Modeling workshop by Robert Hurlbut

Oscp preparation

OWASP Top 10 Web Application Vulnerabilities

Social Engineering

Social engineering

Advantage Technology - Ransomware and the NIST Cybersecurity Framework

Ch 10: Hacking Web Servers

Sécurité informatique : le Retour sur Investissement que vous n'attendiez pas

Social Engineering

E Commerce security

Secure Coding for Java

Introduction to red team operations

Social Engineering,social engeineering techniques,social engineering protecti...

Social engineering by-rakesh-nagekar

7 Steps to Threat Modeling

Social engineering

Presentation of Social Engineering - The Art of Human Hacking

Threat Modeling Using STRIDE

En vedette

SC conference - Building AppSec TeamsDinis Cruz

SecDevOps Risk Workflow - v0.6Dinis Cruz

Surrogate dependencies (in node js) v1.0Dinis Cruz

Hacking Portugal , C-days 2016 , v1.0Dinis Cruz

Security in a Continuous Delivery WorldDinis Cruz

Security champions v1.0Dinis Cruz

Legacy-SecDevOps (AppSec Management Debrief)Dinis Cruz

Owasp summit 2017 Dinis Cruz

Veracode Automation CLI (using Jenkins for SDL integration)Dinis Cruz

NodeJS security - still unsafe at most speeds - v1.0Dinis Cruz

GPG Signing Git CommitsDinis Cruz

Introduction to OWASP & Web Application SecurityOWASPKerala

OWASP Top Ten in PracticeSecurity Innovation

New Era of Software with modern Application Security v1.0Dinis Cruz

App sec and quality london - may 2016 - v0.5Dinis Cruz

Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)Dinis Cruz

Hacking Portugal v1.1Dinis Cruz

Using jira to manage risks v1.0 - owasp app sec eu - june 2016Dinis Cruz

SecDevOps - The Operationalisation of SecurityDinis Cruz

En vedette (19)

SC conference - Building AppSec Teams

SecDevOps Risk Workflow - v0.6

Surrogate dependencies (in node js) v1.0

Hacking Portugal , C-days 2016 , v1.0

Security in a Continuous Delivery World

Security champions v1.0

Legacy-SecDevOps (AppSec Management Debrief)

Owasp summit 2017

Veracode Automation CLI (using Jenkins for SDL integration)

NodeJS security - still unsafe at most speeds - v1.0

GPG Signing Git Commits

Introduction to OWASP & Web Application Security

OWASP Top Ten in Practice

New Era of Software with modern Application Security v1.0

App sec and quality london - may 2016 - v0.5

Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)

Hacking Portugal v1.1

Using jira to manage risks v1.0 - owasp app sec eu - june 2016

SecDevOps - The Operationalisation of Security

Plus de Dinis Cruz

Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling)Dinis Cruz

Glasswall - Safety and Integrity Through Trusted FilesDinis Cruz

Glasswall - How to Prevent, Detect and React to Ransomware incidentsDinis Cruz

The benefits of police and industry investigation - NPCC ConferenceDinis Cruz

Serverless Security Workflows - cyber talks - 19th nov 2019Dinis Cruz

Modern security using graphs, automation and data scienceDinis Cruz

Using Wardley Maps to Understand Security's Landscape and StrategyDinis Cruz

Dinis Cruz (CV) - CISO and Transformation Agent v1.2Dinis Cruz

Making fact based decisions and 4 board decisions (Oct 2019)Dinis Cruz

CISO Application presentation - Babylon health securityDinis Cruz

Using OWASP Security Bot (OSBot) to make Fact Based Security DecisionsDinis Cruz

GSBot Commands (Slack Bot used to access Jira data)Dinis Cruz

(OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6 Dinis Cruz

OSBot - Data transformation workflow (from GSheet to Jupyter)Dinis Cruz

Jira schemas - Open Security Summit (Working Session 21th May 2019)Dinis Cruz

Template for "Sharing anonymised risk theme dashboards v0.8"Dinis Cruz

Owasp and summits (may 2019)Dinis Cruz

Creating a graph based security organisation - Apr 2019 (OWASP London chapter...Dinis Cruz

Open security summit 2019 owasp london 25th febDinis Cruz

Owasp summit 2019 - OWASP London 25th febDinis Cruz

Plus de Dinis Cruz (20)

Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling)

Glasswall - Safety and Integrity Through Trusted Files

Glasswall - How to Prevent, Detect and React to Ransomware incidents

The benefits of police and industry investigation - NPCC Conference

Serverless Security Workflows - cyber talks - 19th nov 2019

Modern security using graphs, automation and data science

Using Wardley Maps to Understand Security's Landscape and Strategy

Dinis Cruz (CV) - CISO and Transformation Agent v1.2

Making fact based decisions and 4 board decisions (Oct 2019)

CISO Application presentation - Babylon health security

Using OWASP Security Bot (OSBot) to make Fact Based Security Decisions

GSBot Commands (Slack Bot used to access Jira data)

(OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6

OSBot - Data transformation workflow (from GSheet to Jupyter)

Jira schemas - Open Security Summit (Working Session 21th May 2019)

Template for "Sharing anonymised risk theme dashboards v0.8"

Owasp and summits (may 2019)

Creating a graph based security organisation - Apr 2019 (OWASP London chapter...

Open security summit 2019 owasp london 25th feb

Owasp summit 2019 - OWASP London 25th feb

Dernier

Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions

Exploring iOS App Development: Simplifying the ProcessEvangelist Apps https://twitter.com/EvangelistSW/

Asset Management Software - InfographicHr365.us smith

HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.

The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171

Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3

Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ

Professional Resume Template for Software DevelopersVinodh Ram

Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08

Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531

ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin

Project Based Learning (A.I).pptx detail explanationkaushalgiri8080

why an Opensea Clone Script might be your perfect match.pdfjoe51371421

Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812

Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy

Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin

What is Binary Language? Computer Number SystemsJheuzeDellosa

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave

Dernier (20)

Advancing Engineering with AI through the Next Generation of Strategic Projec...

Exploring iOS App Development: Simplifying the Process

Asset Management Software - Infographic

HR Software Buyers Guide in 2024 - HRSoftware.com

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data

Cloud Management Software Platforms: OpenStack

Professional Resume Template for Software Developers

Unit 1.1 Excite Part 1, class 9, cbse...

Hand gesture recognition PROJECT PPT.pptx

ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...

Project Based Learning (A.I).pptx detail explanation

why an Opensea Clone Script might be your perfect match.pdf

Unlocking the Future of AI Agents with Large Language Models

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide

What is Binary Language? Computer Number Systems

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

Making threat modeling so easy

10.

11.

12.

13.

14.

15.

16.

17.

18. ††Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Priv † Data Flow Diagrams

19.

20.

21.

22.

23.

24.

25.

26.

27.

28.

29. http://caniuse.com/#search=hsts https://developer.mozilla.org/en-US/docs/web/Security/HTTP_strict_transport_security

30. https://www.nartac.com/Products/IISCrypto/Default.aspx

31.

32. http://www.microsoft.com/security/data/

33.

34.

35.

36. S STRIDE STRIDE TI TI TI TI TI TI TI TI

37. S STRIDE STRIDE TI TI TI TI TI TI TI TI THIS IS YOUR THREAT MODEL!