threat modeling – Page 17 – WindowsTechs.com

The evolution of a Threat Pattern

Posted on April 4, 2017 by Demetrio Milea

In an era of agile development and digital transformation, any application is subject to ongoing enhancement and improvement. Indeed, software engineering is a complex process with many interdependent tasks where multiple functions share responsibilities to strike a balance between software quality and business objectives, regardless of the specialized nature of the teams within the organizational…

The post The evolution of a Threat Pattern appeared first on Speaking of Security – The RSA Blog.

Continue reading The evolution of a Threat Pattern→

Testing a Threat Pattern: Quality is Never an Accident

Posted on March 27, 2017 by Davide Veneziano

John Ruskin, one of the great visionaries of the 19th century, said “Quality is never an accident; it is always the result of intelligent effort”, in our continuing journey through the lifecycle of a threat pattern, we are now at the testing phase. After analyzing requirements, asset and threats, designing a general and reusable model for the threat pattern and implementing the…

The post Testing a Threat Pattern: Quality is Never an Accident appeared first on Speaking of Security – The RSA Blog.

Continue reading Testing a Threat Pattern: Quality is Never an Accident→

Are personas used in information security? (like in UX)

Posted on March 1, 2017 by Y-B Cause

In the UX field, personas are used to help designers think like the future end-users.

Is this technique also used in the field of information security, i.e. to think like a hacker in order to prioritize tests?

I’m very new … Continue reading Are personas used in information security? (like in UX)→

What’s the Impact of the CloudFlare Reverse Proxy Bug? ("#CloudBleed")

Posted on February 24, 2017 by Jeff Ferland

In Project Zero #1139, it was disclosed that CloudFlare had a bug which disclosed uninitialized memory, leaking private data sent through them via SSL. What’s the real impact?

Continue reading What’s the Impact of the CloudFlare Reverse Proxy Bug? ("#CloudBleed")→

Why threat modelling and risk planning does not consider the sex of users?

Posted on February 16, 2017 by Draif Kroneg

Isn’t it scientifically proven that men and women have very different psychologies? So that, at least they must have different attitudes towards security policies and guidelines compliance. All of that must have affect on soc… Continue reading Why threat modelling and risk planning does not consider the sex of users?→

Whatsapp is adding passwords: what is the threat model that they want to protect their users from?

Posted on February 10, 2017 by Fabio Turati

Whatsapp has announced that they are introducing 2FA to their service. Normally, services rely on a password (what you know), and adding 2FA means that they require an additional code sent via SMS to your phone (what you have… Continue reading Whatsapp is adding passwords: what is the threat model that they want to protect their users from?→

Threat Intelligence: ZerotoOne

Posted on January 27, 2017 by Amit Gupta

This article provides a complete overview of the purpose, market, and review of threat intelligence service along with value it brings to organizations. This will also help organizations looking…

Go on to the site to read the full article Continue reading Threat Intelligence: ZerotoOne→

Mastering the implementation of a Threat Pattern

Posted on January 25, 2017 by Demetrio Milea

In previous posts we have discussed two of the most critical phases in the “The Lifecycle of a Threat Pattern”: analysis and design. In the analysis phase the objective is to fully understand the asset in scope by getting deeper into the context to formulate a set of residual risks to which the asset might be…

The post Mastering the implementation of a Threat Pattern appeared first on Speaking of Security – The RSA Blog.

Continue reading Mastering the implementation of a Threat Pattern→

Engineering The Design Of A Threat Pattern

Posted on January 16, 2017 by Davide Veneziano

In our journey of developing and maintaining threat patterns, we have now arrived at a critical phase: the design. While the need of an implementation phase is immediate as well as the evaluation of the background analysis in order to build something meaningful (as explained by my colleague, Demetrio Milea) – the intermediate design phase is the…

The post Engineering The Design Of A Threat Pattern appeared first on Speaking of Security – The RSA Blog.

Continue reading Engineering The Design Of A Threat Pattern→

How do you scale threat modeling?

Posted on January 1, 2017 by Ben

Small threat models are relatively easy to build but building and maintaining a threat model that contains a few dozen components becomes difficult pretty quickly.

What tools do you use to collaborate across teams to build … Continue reading How do you scale threat modeling?→