[WEB SECURITY] Application Threat Modeling.

Christian Frichot xntrik at gmail.com
Thu May 27 20:59:21 EDT 2010

Hi Sean,

You should also check out OWASP's OpenSAMM whilst your checking out CLASP
and BSIMM.



On Fri, May 28, 2010 at 6:23 AM, Sean Bates <seanmbates at gmail.com> wrote:

> I am looking for some advice on how to start an Application Threat
> Modeling initiative at my company. This activity is part of our
> overall strategy for protecting our web assets. My question is
> specifically based around how to start this program. I am looking for
> success stories, training, books, gotcha's, effective tools and
> general experiences that you have had with the process. I have looked
> at Microsoft's Visio plug-in and played with it but don't really have
> a feel for how effective the tool and the process are. So any advice
> that you could offer in regards to starting this program would be
> greatly appreciated.
> Sean
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA

Christian Frichot
Perth OWASP Chapter
e: xntrik at gmail.com
t: @xntrik
w: http://un-excogitate.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20100528/2837afe7/attachment.html>

More information about the websecurity mailing list