FAU - Boca Raton
Threat modeling is a fundamental activity for those designing, maintaining, or administering software systems. The way a threat is modeled has a big effect on how it is handled, and several ways to do this modeling have been proposed.
A good model should lead to the systematic enumeration of the threats to a system. We look at several models, including DFDs, Misuse cases, Misuse patterns, Cyber Kill Chain (CKC), Attack Graphs, Attack Trees, and Attack/Defense Trees.
We then see methods to enumerate and classify threats, including STRIDE, Use cases and activities, Uzunov, and CORAS. Another aspect is catalogs of threats and vulnerabilities, including CVE, CVSS, CWE, and OWASP. We end by considering CPS threats.
Hosted by Rohini Sulatycki from the South Florida OWASP Chapter