UsefulLinks
Computer Science
Cybersecurity
Threat Modeling
1. Introduction to Threat Modeling
2. The Threat Modeling Process Overview
3. System Decomposition and Modeling
4. Threat Identification and Enumeration
5. Threat Analysis and Risk Assessment
6. Validation and Verification
7. Integrating Threat Modeling into the Development Lifecycle
8. Domain-Specific Threat Modeling
9. Tooling and Automation
10. Scaling a Threat Modeling Program
2.
The Threat Modeling Process Overview
2.1.
The Four Key Questions
2.1.1.
What are we working on?
2.1.1.1.
System Identification
2.1.1.2.
Asset Inventory
2.1.2.
What can go wrong?
2.1.2.1.
Threat Enumeration
2.1.2.2.
Attack Scenarios
2.1.3.
What are we going to do about it?
2.1.3.1.
Mitigation Planning
2.1.3.2.
Control Selection
2.1.4.
Did we do a good job?
2.1.4.1.
Validation Techniques
2.1.4.2.
Metrics and Feedback
2.2.
Common Process Models
2.2.1.
Microsoft SDL Threat Modeling Process
2.2.1.1.
Steps and Artifacts
2.2.1.2.
Integration with SDL Phases
2.2.2.
VAST Methodology
2.2.2.1.
Visual Modeling
2.2.2.2.
Agile Integration
2.2.2.3.
Scalability Considerations
Previous
1. Introduction to Threat Modeling
Go to top
Next
3. System Decomposition and Modeling