ModSecurity Breach

ModSecurity Blog

« Honeypot Scan of the Month 31 results are in! | Main | Security patterns repository »

27 May 2004

Threat modeling information, links, and a free tool

Unless you know what you are protecting, from whom, and why you are going to have a very tough time protecting it. Just as I was researching threat modeling for a chapter of my book, this thread happened on the web application security mailing list. A lot of useful information and insightful opinions were exchanged over the course of few days. Then Microsoft released a free threat modeling tool announced several months ago. If I've interested you in the subject, here is a list of links to some public papers on threat modeling. Update: A video interview Frank Swiderski (the author of the free tool and the Thread Modeling book) is available at channel9 .

Posted by ModSecurity Admin on May 27, 2004 in Web Security | Permalink

Calendar

November 2010
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30

Feeds

Atom Feed

Search

Categories

Apache

Current Affairs

Food and Drink

Games

Intrusion Detection

ModSecurity

ModSecurity Rules

Other Thoughts

PCI

Positive security model

Web Application Firewalls

Web Security

Recent Entries

Announcing Release of CRS v2.0.9

Advanced Topic of the Week: Traditional vs. Anomaly Scoring Detection Modes

ModSecurity 2.5.13 release candidate

Detecting Malice with ModSecurity: IP Forensics

Detecting Malice with ModSecurity: GeoLocation Data

ModSecurity Life cycle

ModSecurity User Survey Results Released

Advanced Topic of the Week: Request Header Tagging

Welcome Aboard Breno Silva

Advanced Topic of the Week: Preventing Malicious PDF File Uploads

Advanced Topic of the Week: XSS Defense via Content Injection

Advanced Topic of the Week: Identifying Improper Output Handling (XSS Flaws)

Advanced Topic of the Week: Validating SessionIDs

WASC WHID Bi-Annual Report for 2010

Advanced Topic of the Week: Real-time Blacklist Lookups

Advanced Topic of the Week: Transformation Functions

OWASP ModSecurity CRS Project Promoted to Release Quality

OWASP ModSecurity Core Rule Set (CRS) v2.0.8 Released

Advanced Topic of the Week: Validating Byte Ranges

What's up @ ModSecurity?

ModSecurity Has a New Home

ModSecurity Happy Hour @ Black Hat USA

Archives

November 2010

October 2010

September 2010

August 2010

July 2010

April 2010

March 2010

November 2009

July 2009

May 2009

March 2009

January 2009

December 2008

October 2008

September 2008

August 2008

July 2008

June 2008

May 2008

April 2008

March 2008

February 2008

January 2008

December 2007

November 2007

October 2007

September 2007

August 2007

July 2007

June 2007

May 2007

April 2007

March 2007

February 2007

January 2007

December 2006

November 2006

October 2006

September 2006

August 2006

July 2006

June 2006

May 2006

March 2006

February 2006

January 2006

December 2005

November 2005

October 2005

September 2005

August 2005

July 2005

June 2005

April 2005

March 2005

February 2005

January 2005

December 2004

September 2004

August 2004

July 2004

June 2004

May 2004

April 2004

March 2004

February 2004

January 2004

December 2003

November 2003

October 2003

September 2003

August 2003

July 2003

June 2003