WebApp Sec mailing list archives
RE: Threat Modeling
From: aporia () tiscali co uk
Date: Thu, 20 May 2004 17:21:54 +0100
I've been looking for a free set of threat models, too - no luck, though - would be interested to know if you are successful. _However_ I can recommend a software product called CRAMM. I don't know if you've used it, but basically it's a tool developed by HMG in Cheltenham. The great thing about it, and the reason it costs 4,000 GBP is that it contains a database of over 3000 threats, vulnerabilities and countermeasures. It also follows a specific methodology (Crown Copyright), and is aligned to BS7799. Unfortunately, the cost is a significant barrier to using it. What about just buying the BS7799 (about 150 GBP) and ISO TR 13335: Guidelines for Management of IT Security (GMIT)? A reasonable starter pack. This isn't fee either, unfortunately. But it is American. --------------- Ian Ristic [ivanr () webkreator com]
Any links to any free threat modeling tools out there ?
Does anyone know what happened to the threat modeling tool Microsoft announced in late 2003? -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] __________________________________________________ Broadband from an unbeatable £15.99! http://www.tiscali.co.uk/products/broadband/home.html?code=SM-NL-11AM
Current thread:
- Threat Modeling Mark Curphey (May 18)
- Re: [BAD-DATE] Threat Modeling D. Höhn (May 19)
- Re: Threat Modeling Ivan Ristic (May 20)
- RE: Threat Modeling Mikael Brejcha (May 24)
- <Possible follow-ups>
- RE: Threat Modeling Michael Howard (May 20)
- RE: Threat Modeling aporia (May 20)
- RE: Threat Modeling Mark Curphey (May 20)
- Re: Threat Modeling Ivan Ristic (May 21)
- Re: Threat Modeling Frank O'Dwyer (May 21)
- Re: Threat Modeling Adrian Wiesmann (May 21)
- Re: Threat Modeling Adrian Wiesmann (May 21)
- RE: Threat Modeling Dan Morrill (May 20)
- Re: Threat Modeling Matthew Franz (May 20)
- RE: Threat Modeling Dan Morrill (May 21)
- RE: Threat Modeling Michael Howard (May 21)
- RE: Threat Modeling Harbar, Spencer J. (May 25)
(Thread continues...)