3. Good Approach to Threat Modeling
Pavel Radchuk - SAMM: Understanding Agile in Security
https://speakerdeck.com/owaspkyiv/pavel-radchuk-samm-understanding-agile-in-security?slide=22
4. Threat Modeling Strategy
SAMM2 -> Design -> Threat Assessment -> Threat Modeling
Maturity level 1: Basic understanding of potential threats to the solution
“…The practice of threat modelling includes both eliciting and managing threats. Use known good security practices (or the lack thereof) or a more structured approach such as STRIDE to elicit threats. Threat modelling is often most effective when performed by a group of people, allowing for brainstorming…”
https://owaspsamm.org/v2.0b/core/design/d-threat-assessment/
5. How We Threat Model
1. What are we building?
2. What could go wrong?
3. What will we do about it?
4. Did we do a good job?