November 7°-8° - Belfast & Dublin- ISACA Ireland Chapters 1 Application Threat Modeling Workshop PART III Threat Modeling Demo & Practice.


1 PART III: Threat Modeling Demo & Practice

2 Threat Modeling Tools
- Threat Modeling Analysis and Modeling (TAM) (Microsoft)
  - Pros: Flexible, built-in Threat & Attack Library
  - Cons: Not updated or supported, DFDs require a VISIO™ installation
- SDL Threat Modeling (Microsoft)
  - Pros: Integrated with SDL, plug-in for issue tracking, free
  - Cons: Uses STRIDE/DREAD, not even used by Microsoft
- Trike (open source)
  - Pros: Flexible, automatic threat generation
  - Cons: Not scalable, not maintained
- PTA (commercial)
  - Pros: Factors in the business impact of assets
  - Cons: Users need to define threats, vulnerabilities and countermeasures
Source: http://www.net-security.org/dl/insecure/INSECURE-Mag-17.pdf

3 Threat Modeler Tool™ Demonstration
1. Threat Modeler live demo session with myAppSecurity Inc (20 minutes)
2. Develop your threat model with threatModeler™ with PASTA™ (30 minutes)
https://www.youtube.com/watch?v=OZSjS8nu6kE

4 Threat Modeling Example: Mobile Payment Application

5 Define Requirements

6 Application Functional Decomposition

7 Security-Design Assertion

8 Threat Analysis

9 Threat-Controls-Vulnerability Analysis at Component Level

10 Vulnerability Analysis

11 Attack-Threat Tree Modeling

12 Risk Analysis And Management

13 Questions & Answers

14 Thanks for Your Attention
Email me: Marco (dot) M (dot) Morana (at) Citi (dot) com
Follow me on Twitter: @threatmodeling
Preorder the book “Application Threat Modeling Book, Wiley-Blackwell” on Amazon: http://www.amazon.co.uk/Application-Threat-Modeling-Marco-Morana/dp/0470500964

