SEARCH RESULTS
 
Showing 1-7 of 7 records
1
 
Expand article

STRIDE chart

2007-09-11 23:18:00 by sdl in The Security Development Lifecycle
 
...STRIDE per element process. His recent posts are " Threat Modeling, Once Again ," " Threat modeling again. Drawing the diagram ," " Threat Modeling Again: STRIDE ," " Threat modeling again, STRIDE mitigations ," " Threat modeling again, what does STRIDE have to do with threat modeling ," " Threat modeling again, STRIDE per element ," " Threat...
 
Tags: threat, stride, windows, windows source code, web site, stride mitigations, code, user, remote internet user
 
 
 
 
Expand article

The STRIDE per Element Chart

2007-10-29 23:06:46 by sdl in The Security Development Lifecycle
 
...STRIDE per element chart in the sixth post of my threat modeling series. Id like to talk about where its from, some of the issues that come with that heritage, and how you might customize it in your own threat modeling process Michael Howard and Shawn Hernan did an analysis of our bulletins and some CERT and CVE data. Their goal was to...
 
Tags: element chart, chart, stride, specific, specific threats, cve data, data, stride chart, threats
 
 
 
 
Expand article

The New Threat Modeling Process

The Article has images
2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
...STRIDE/element For each element in your diagram, consider threats of the types indicated in this chart. (Well come back to the charts origins in a later post Theres an important mis-conception we often see, which is that STRIDE is appropriate for use as a classification system. Its really hard to use STRIDE to describe attacksthe impacts...
 
Tags: process, threat, process validation entails, threat model, software process diagram, people, people trust boundaries, love threat, hamster wheel
 
 
 
 
Expand article

Making Threat Modeling Work Better

The Article has images
2007-10-17 00:23:53 by sdl in The Security Development Lifecycle
...STRIDE/element chart. (Ill talk a lot more about its origins and limits in a few posts, but for now, lets pretend its gospel, and enumerates all possible threats.) Given this gospel, it becomes possible to step through the threat modeling diagram, turn the crank, and have threats come out. Item 7 is a data flow? Lets look for T,I and D....
 
Tags: threat, process, process helps ensure, developers threat model, database design process, security, trust boundaries, threat model, security experts
 
 
 
 
Expand article

Strategies for keeping disaster recovery on target

2008-05-17 00:00:00 by HASH0x8472e44 in Network World on Security
 
It was a normal Monday batch process at a well-respected global bank -- until, that is, a critical back-office system failed. At first, IT administrators took it in stride. This wasn't the only time they'd had to recover lost data. But soon it became clear something more ominous was occurring: the bank's multi-terabyte database had become corrupted
 
Tags: critical back-office system, bank, recover lost data, global bank, multi-terabyte database, time, ominous, stride, administrators
 
 
 
 
Expand article

Collaboration in the Cloud, Virtual Worlds and the Hacker Mindset

The Article has images
2008-07-17 15:51:24 by Craig Balding in Cloud Security
...STRIDE from Microsoft In a future post Ill talk more about threat profiling in the context of Cloud Computing vulnerability research and specific API security vulnerability classes we can expect to see exploited
 
Tags: virtual worlds, worlds, research, vulnerability research, security research, life, life property owners, life research community, collaboration
 
 
 
 
Expand article

ScienceLogics 5-Year Anniversary

The Article has images
2008-08-20 22:39:16 by Julia Lim in ScienceLogic
...stride and were just now reaching the tipping point in awareness of ScienceLogic and EM7. Were all still passionate about the product and as Chris and Rich said, theres still a lot do. Well continue disrupting the market with EM7. Our vision hasnt changed, and with the increasing levels of automation that customers demand, the market needs...
 
Tags: em7 completely flips, em7, network management, network management tools, em7 meta-appliance product, sciencelogic team, team, front, product front-end
 
 
 
 
 
Showing 1-7 of 7 records
1
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia