Due to research for my Bachelor thesis I found a good video about threat modeling, which explains the whole process by using the Death Star as example. It’s kind of “threat modeling for dummies” I think. The presentation was held by Kevin M. Williams at the last hope conference this year.
The video is split in 3 parts: [1] [2] [3].
Well done, Mr. Williams :D
P.S.: My favorite is Part No. 2 around 4:20….. :)
really cool :)
hi
how can I get a good document or article about threat modeling?
hey salim,
there are many good documents about threat modeling out there. I recommend the Open Web Application Project (OWASP) as a starting point for an overview of threat modeling:
http://www.owasp.org/index.php/Application_Threat_Modeling
http://www.owasp.org/index.php/Threat_Modeling
Then you might look at the Microsoft Developer Network (MSDN) for some Microsoft-related information about threat modeling:
http://www.microsoft.com/security/sdl/getstarted/threatmodeling.aspx
You might take a look at the “related links” on that page.
They also developed some tools which can be used to model an application. I recommend the SDL Threat Modeling Tool 3.1.4. It has samples and good documentation about the process itself.
Some other articles can be found in the weblogs of Peter Torr, Shawn Hernan, Bryan Sullivan, Michael Howard (one of the authors of the book “The Security Development Lifecycle”) and Adam Shostack. Check out the following links:
http://blogs.msdn.com/ptorr/archive/2005/02/22/378510.aspx
http://msdn.microsoft.com/en-us/magazine/cc163519.aspx
http://blogs.msdn.com/sdl/archive/2007/09/26/the-trouble-with-threat-modeling-2.aspx
I hope that’s what you expected ;)
cheers