|
This blog has moved! Please update your bookmarks to http://www.blog.modsecurity.org. |
« Honeypot Scan of the Month 31 results are in! | Main | Security patterns repository »
Posted by ivanr on May 27, 2004.
Unless you know what you are protecting, from whom, and why you are going to have a very tough time protecting it. Just as I was researching threat modeling for a chapter of my book, this thread happened on the web application security mailing list. A lot of useful information and insightful opinions were exchanged over the course of few days. Then Microsoft released a free threat modeling tool announced several months ago. If I've interested you in the subject, here is a list of links to some public papers on threat modeling. Update: A video interview Frank Swiderski (the author of the free tool and the Thread Modeling book) is available at channel9 .
Posted by ivanr at May 27, 2004 04:13 PM