SecurityRatty: tag: stride

STRIDE chart

2007-09-11 23:18:00 by sdl in The Security Development Lifecycle

...STRIDE per element process. His recent posts are " Threat Modeling, Once Again ," " Threat modeling again. Drawing the diagram ," " Threat Modeling Again: STRIDE ," " Threat modeling again, STRIDE mitigations ," " Threat modeling again, what does STRIDE have to do with threat modeling ," " Threat modeling again, STRIDE per element ," " Threat...

Tags: threat, stride, windows, windows source code, web site, stride mitigations, code, user, remote internet user

The STRIDE per Element Chart

2007-10-29 23:06:46 by sdl in The Security Development Lifecycle

...STRIDE per element chart in the sixth post of my threat modeling series. Id like to talk about where its from, some of the issues that come with that heritage, and how you might customize it in your own threat modeling process Michael Howard and Shawn Hernan did an analysis of our bulletins and some CERT and CVE data. Their goal was to...

Tags: element chart, chart, stride, specific, specific threats, cve data, data, stride chart, threats

The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle

...STRIDE/element For each element in your diagram, consider threats of the types indicated in this chart. (Well come back to the charts origins in a later post Theres an important mis-conception we often see, which is that STRIDE is appropriate for use as a classification system. Its really hard to use STRIDE to describe attacksthe impacts...

Tags: process, threat, process validation entails, threat model, software process diagram, people, people trust boundaries, love threat, hamster wheel

Making Threat Modeling Work Better

2007-10-17 00:23:53 by sdl in The Security Development Lifecycle

...STRIDE/element chart. (Ill talk a lot more about its origins and limits in a few posts, but for now, lets pretend its gospel, and enumerates all possible threats.) Given this gospel, it becomes possible to step through the threat modeling diagram, turn the crank, and have threats come out. Item 7 is a data flow? Lets look for T,I and D....

Tags: threat, process, process helps ensure, developers threat model, database design process, security, trust boundaries, threat model, security experts

Strategies for keeping disaster recovery on target

2008-05-17 00:00:00 by HASH0x8472e44 in Network World on Security

It was a normal Monday batch process at a well-respected global bank -- until, that is, a critical back-office system failed. At first, IT administrators took it in stride. This wasn't the only time they'd had to recover lost data. But soon it became clear something more ominous was occurring: the bank's multi-terabyte database had become corrupted

Tags: critical back-office system, bank, recover lost data, global bank, multi-terabyte database, time, ominous, stride, administrators

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo