Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [BAD-DATE] Threat Modeling

from [Arian J. Evans] Network Security [Permanent Link]
Subject: RE: [BAD-DATE] Threat Modeling
Date: Thu, 25 Nov 2004 17:50:29 -0600 
Wow, this is an old threat, but I don't remember anyone passing this link
at the time:

MS Threat Modeling Resource Center:
http://msdn.microsoft.com/security/securecode/threatmodeling/default.aspx

and their free tool:
http://www.microsoft.com/downloads/details.aspx?familyid=62830f95-0e61-4f87-88a6-e7c663444ac1&displaylang=en

As for OCTAVE, yes, we work with it a lot at my workplace.

I for one am not a fan of targeting and prioritization in this fashion
due to the experience that it simply doesn't work. A number of the
biggest holes I've found have been ones that would have been missed
following a model like OCTAVE. (referring to general pen testing here.)

What is your question here? Do we need an OCTAVE thread?

Arian



-----Original Message-----
From: D. Hohn [mailto:dmalloc@users.sourceforge.net]
Sent: Wednesday, May 19, 2004 12:48 AM
To: Mark Curphey
Cc: webappsec@securityfocus.com
Subject: Re: [BAD-DATE] Threat Modeling


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Mark Curphey wrote:
| Does anyone have any experience with the OCTAVE threat modeling
methodology | from CMU ?
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: [BAD-DATE] Threat Modeling, Arian J. Evans <=
Previous by Date:  RE: Article - A solution to phishing, Christopher Canova
Next by Date:  Re: IIS session & application variables, saphyr
Previous by Thread:  IIS session & application variables, Bénoni MARTIN
Next by Thread:  ActiveX controls within an Intranet Environment, Marian Fitzgerald
Indexes:  [Date] [Thread] [Top] [All Lists]