threat modeling: security development lifecycle

12

Threat Modeling: Security Development Lifecycle Tyrell Flurry Jeff Thomas Akhil Oniha

Upload: muriel

Post on 06-Jan-2016

31 views

Category:

Documents

1 download

Report

Download

Tags:

Embed Size (px):

DESCRIPTION

Threat Modeling: Security Development Lifecycle. Tyrell Flurry Jeff Thomas Akhil Oniha. What is Threat Modeling?. - PowerPoint PPT Presentation

TRANSCRIPT

Threat Modeling: Security Development Lifecycle

Threat Modeling:Security Development LifecycleTyrell FlurryJeff ThomasAkhil OnihaWhat is Threat Modeling?An engineering technique used to aid in the identification of assets, vulnerabilities, threats, attacks and countermeasures for a given system or software. Threat modeling helps to:Identify security objectives.Identify threats.Identify vulnerabilities, countermeasures and mitigation strategiesWhy Microsoft SDL?Threat modeling is a complex task that few individuals can properly execute Software architects are generally more concerned with operation and performance than securityMicrosoft SDL transforms threat modeling into an activity that any software architect can perform effectivelyHow Does Microsoft SDL work?Microsoft based application must be used on Microsoft OS and requires Microsoft Visio for diagramming systemStep 1: Diagram/whiteboard systemStep 2: Identify Threats (STRIDE approach)Step 3: Identify Mitigation StrategiesStep 4: Validate system and repeat

Our ApproachUtilize the Microsoft SDL to analyze the threats faced by a fictitious banks online banking application. Whiteboard system Level 0 DFDUtilize Microsoft SDL to identify threats that face each component/element of the DFDEstablish appropriate mitigation strategiesSystem Diagram & App. Home Screen

Model Analysis (All Element View)

Model Analysis (Single Element View)

System Environment Description

System Reports

System Reports cont

Questions ???

The Art of Threat Modeling for IT Risk Management … · Threat modeling during the various phases of the software development lifecycle Whether threat modeling is performed on an

Reverse Threat Modeling

Threat Modeling & Simulation

Cloud Threat Modeling

THE THREAT LIFECYCLE MANAGEMENT FRAMEWORK€¦ · PAGE 3 THE THREAT LIFECYCLE MANAGEMENT FRAMEWOR Preface Globally, sophisticated cyber-attacks are compromising organizations at an

Threat Modeling: Best Practices

Presenter Name Date Introduction to Microsoft ® Security Development Lifecycle (SDL) Threat Modeling Secure software made easier

Threat Modeling: Security Development Lifecycle Tyrell Flurry Jeff Thomas Akhil Oniha

Threat Modeling - GBV

Take Control of the Endpoint Threat Defense Lifecycle

Advanced Threat Protection Lifecycle Infographic

Threat Modeling with STRIDE - Concordia Universityusers.encs.concordia.ca/~clark/courses/1601-6150/scribe/L04c.pdf · Threat Modeling with STRIDE Slides adapted from Threat Modeling:

Threat Modeling for Secure - Application Security Testing ... · Threat Modeling for Secure Embedded Software | |Klocwork White Paper 2 Threat Modeling – A Brief Overview_____ Threat

Security Threat Modeling

Threat Modeling for Mobile Health Systems · Threat Modeling Overview TLP: WHITE, ID# 202004301030 • Threat modeling is an important aspect of the security development lifecycle,

NET3389BUS Integrating Threat Defense Lifecycle or ... · Integrating Threat Defense Lifecycle Security Services with ... •This overview of new technology represents no commitment

Corporate Threat Modeling v2

…using threat lifecycle management to defeat insider ...€¦ · Threat lifecycle management technology has a core place in their strategies. This document discusses how security

Adam Shostack Microsoft - LayerOne...Threat Modeling (Swiderski and Snyder, Microsoft Press) "Guerilla Threat Modeling" (Torr) Patterns and Practices (J.D. Meier) Threat modeling for

Lifecycle Modeling Language (LML) SPECIFICATION

Threat Modeling - ISACA

Threat Modeling - Overview

Lecture 7: Threat Modeling

Analytical Lifecycle Modeling and Threat Analysis of Botnets · 2018-12-31 · Analytical Botnet Expansion/Lifecycle Models Our Modeling echniquesT Modeling echniquesT and Assumptions

Application Threat Modeling

Tactical Threat Modeling - SAFECode · Tactical Threat Modeling

Threat Lifecycle Management_Whitepaper

Lecture 11: Threat Modeling

Threat Modeling - home.eng.iastate.edu

Security for Developers Threat Modeling and the Security Development Lifecycle Steven Borg & Richard Hundhausen Accentient, Inc

Threat Modeling / iPad

Threat Modeling for Automotive Security Analysisonlinepresent.org/proceedings/vol139_2016/68.pdf · Threat Modeling for Automotive Security Analysis ... threat modeling STRIDE method

DNS Threat Modeling - OWASP · Threat Modeling Using STRIDE By: Girindro Pringgo Digdo, ... Threat Modeling Diagram Identify Threats Identify Threats Mitigate Validate STRIDE Trike

threat modeling - SecAppDev Peeters/threat... · threat modeling Johan Peeters ... threat model looks out: adversaries ... assignment I who are the potential adversaries?

Cryptocurrency-based Systems Threat Modeling for · Threat Modeling and Cryptocurrencies Threat modeling is an essential step in secure systems design. Explore the threat space to