Anzeige
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling

Check these out next

Updated Resume_ram
Updated Resume_ram
ramudu k
Api server final
Api server final
Inayat Sharief
Saml sso by Tamil on nullblrmeet 21st July 2015
Saml sso by Tamil on nullblrmeet 21st July 2015
n|u - The Open Security Community
Authentication and Authorization in Asp.Net
Authentication and Authorization in Asp.Net
Shivanand Arur
Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_ppt
Shivanand Arur
Building an SSO platform in php (Zendcon 2010)
Building an SSO platform in php (Zendcon 2010)
Ivo Jansch
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
Artur Barseghyan
Session2(Mod)
Session2(Mod)
mccmepco
1 von 21

[Lithuania] Introduction to threat modeling

26. Oct 2015
Downloaden Sie, um offline zu lesen
Internet

Introduction to threat modeling. Audrius Kovalenko.

OWASP EEE
OWASP
Anzeige
Anzeige
Anzeige

Recomendados

Security of Web Applications: Top 6 Risks To AvoidSecurity of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To Avoidslicklash1.9K Aufrufe35 Folien
Introduction to Threat ModelingIntroduction to Threat Modeling
Introduction to Threat Modelingslicklash841 Aufrufe21 Folien
Selenium -Test automation for web applicationsSelenium -Test automation for web applications
Selenium -Test automation for web applicationsAnisGhelissi128 Aufrufe33 Folien
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانیتست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانیirpycon652 Aufrufe23 Folien
Intro to silverlight_20110602Intro to silverlight_20110602
Intro to silverlight_20110602Ethos Technologies335 Aufrufe12 Folien
Security Threats and Solutions of Cloud ComputingSecurity Threats and Solutions of Cloud Computing
Security Threats and Solutions of Cloud ComputingKartik Shenoy209 Aufrufe19 Folien

Más contenido relacionado

Presentaciones para ti(20)

Updated Resume_ramUpdated Resume_ram
Updated Resume_ram
ramudu k169 Aufrufe
Api server finalApi server final
Api server final
Inayat Sharief133 Aufrufe
Saml sso by Tamil on nullblrmeet 21st July 2015Saml sso by Tamil on nullblrmeet 21st July 2015
Saml sso by Tamil on nullblrmeet 21st July 2015
n|u - The Open Security Community1.2K Aufrufe
Authentication and Authorization in Asp.NetAuthentication and Authorization in Asp.Net
Authentication and Authorization in Asp.Net
Shivanand Arur12.6K Aufrufe
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_ppt
Shivanand Arur2.9K Aufrufe
Building an SSO platform in php (Zendcon 2010)Building an SSO platform in php (Zendcon 2010)
Building an SSO platform in php (Zendcon 2010)
Ivo Jansch11.1K Aufrufe
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
Artur Barseghyan7.6K Aufrufe
Session2(Mod)Session2(Mod)
Session2(Mod)
mccmepco569 Aufrufe
CAS EnhancementCAS Enhancement
CAS Enhancement
Guo Albert1.6K Aufrufe
Silent invasionSilent invasion
Silent invasion
Erison Silva37 Aufrufe
Visi Flex Accelerator FrameworkVisi Flex Accelerator Framework
Visi Flex Accelerator Framework
efinver385 Aufrufe
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
Danny Jessee7.8K Aufrufe
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises Development
Edin Kapic499 Aufrufe
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
Programming Talents2.1K Aufrufe
SAML and LiferaySAML and Liferay
SAML and Liferay
Mika Koivisto5.6K Aufrufe
IBM Single Sign-OnIBM Single Sign-On
IBM Single Sign-On
Van Staub, MBA5.8K Aufrufe
Jasig Central Authentication Service in Ten MinutesJasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten Minutes
Andrew Petro4.8K Aufrufe
Introduction to yzs code generatorIntroduction to yzs code generator
Introduction to yzs code generator
YZSolution, Inc.339 Aufrufe
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
Danny Jessee6.2K Aufrufe
Building a chat app with windows azure mobileBuilding a chat app with windows azure mobile
Building a chat app with windows azure mobile
Flavius-Radu Demian1.4K Aufrufe

Destacado(12)

[Russia] Node.JS - Architecture and Vulnerabilities[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities
OWASP EEE560 Aufrufe
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors
OWASP EEE430 Aufrufe
[Bucharest] XML Based Attacks[Bucharest] XML Based Attacks
[Bucharest] XML Based Attacks
OWASP EEE610 Aufrufe
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontend
OWASP EEE518 Aufrufe
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by Design
OWASP EEE665 Aufrufe
Dia da MúsicaDia da Música
Dia da Música
Paulo Antunes1.2K Aufrufe
RESUME OF MAHFUZUR RAHMAN_Oct' 15RESUME OF MAHFUZUR RAHMAN_Oct' 15
RESUME OF MAHFUZUR RAHMAN_Oct' 15
Mahfuzur Rahman315 Aufrufe
[Lithuania] DigiCerts and DigiID to Enterprise apps[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise apps
OWASP EEE350 Aufrufe
[Lithuania] I am the cavalry[Lithuania] I am the cavalry
[Lithuania] I am the cavalry
OWASP EEE537 Aufrufe
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)
OWASP EEE569 Aufrufe
[Russia] Give me a stable input[Russia] Give me a stable input
[Russia] Give me a stable input
OWASP EEE335 Aufrufe
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injections
OWASP EEE1.4K Aufrufe
Anzeige

Similar a [Lithuania] Introduction to threat modeling(20)

Joe Staner Zend Con 2008Joe Staner Zend Con 2008
Joe Staner Zend Con 2008
ZendCon1.1K Aufrufe
J2 Ee Vs. .Net WorkshopJ2 Ee Vs. .Net Workshop
J2 Ee Vs. .Net Workshop
danglvh1.1K Aufrufe
Pragatheswarakumar_v1.0Pragatheswarakumar_v1.0
Pragatheswarakumar_v1.0
Pragatheswarakumar kandasamy393 Aufrufe
Writing Mobile Apps in the cloud with FeedHenryWriting Mobile Apps in the cloud with FeedHenry
Writing Mobile Apps in the cloud with FeedHenry
Cian Clarke1.2K Aufrufe
2010.11.27 - ITSpark ofline meeting #1, Cluj - Arhitecturi in Windows Azure (...2010.11.27 - ITSpark ofline meeting #1, Cluj - Arhitecturi in Windows Azure (...
2010.11.27 - ITSpark ofline meeting #1, Cluj - Arhitecturi in Windows Azure (...
ITSpark Community316 Aufrufe
Shanoj_ResumeShanoj_Resume
Shanoj_Resume
Shanoj Madappallil136 Aufrufe
CTU June 2011 - Windows Azure App FabricCTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App Fabric
Spiffy1.5K Aufrufe
Trusted by Default: The Forge Security & Privacy ModelTrusted by Default: The Forge Security & Privacy Model
Trusted by Default: The Forge Security & Privacy Model
Atlassian6.7K Aufrufe
website phishing by NRwebsite phishing by NR
website phishing by NR
NARESH GUMMAGUTTA303 Aufrufe
Pentesting With Web Services in 2012Pentesting With Web Services in 2012
Pentesting With Web Services in 2012
Ishan Girdhar3K Aufrufe
Presentation simulationPresentation simulation
Presentation simulation
Md. Touhidur Rahman118 Aufrufe
Dot net training bangaloreDot net training bangalore
Dot net training bangalore
IGEEKS TECHNOLOGIES747 Aufrufe
Partying with PHP (…and the Microsoft Platform)Partying with PHP (…and the Microsoft Platform)
Partying with PHP (…and the Microsoft Platform)
goodfriday985 Aufrufe
SummerinternshipSummerinternship
Summerinternship
Kiran Kumar1.6K Aufrufe
API Testing and Hacking (1).pdfAPI Testing and Hacking (1).pdf
API Testing and Hacking (1).pdf
Vishwas N152 Aufrufe
API Testing and Hacking.pdfAPI Testing and Hacking.pdf
API Testing and Hacking.pdf
Vishwas N48 Aufrufe
API Testing and Hacking.pdfAPI Testing and Hacking.pdf
API Testing and Hacking.pdf
VishwasN611 Aufrufe
Resume_A_VinodResume_A_Vinod
Resume_A_Vinod
Vinod Reddy96 Aufrufe
PPT with Flash ryPPT with Flash ry
PPT with Flash ry
marina2207555 Aufrufe
PeopleSoft: HACK THE Planet^W universityPeopleSoft: HACK THE Planet^W university
PeopleSoft: HACK THE Planet^W university
Dmitry Iudin329 Aufrufe

Más de OWASP EEE(17)

[Austria] ZigBee exploited[Austria] ZigBee exploited
[Austria] ZigBee exploited
OWASP EEE712 Aufrufe
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan
OWASP EEE654 Aufrufe
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec tools
OWASP EEE460 Aufrufe
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ON
OWASP EEE405 Aufrufe
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification
OWASP EEE551 Aufrufe
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification system
OWASP EEE163 Aufrufe
[Russia] Bugs -> max, time <= T[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T
OWASP EEE344 Aufrufe
[Russia] Building better product security[Russia] Building better product security
[Russia] Building better product security
OWASP EEE381 Aufrufe
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
OWASP EEE773 Aufrufe
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure
OWASP EEE509 Aufrufe
[Hungary] Survival is not mandatory. The air force one has departured are you...[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...
OWASP EEE378 Aufrufe
[Hungary] Secure Software? Start appreciating your developers![Hungary] Secure Software? Start appreciating your developers!
[Hungary] Secure Software? Start appreciating your developers!
OWASP EEE237 Aufrufe
[Bucharest] Your intents are dirty, droid![Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid!
OWASP EEE389 Aufrufe
[Bucharest] #DontTrustTheDarkSide[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide
OWASP EEE516 Aufrufe
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security
OWASP EEE1.1K Aufrufe
[Bucharest] Reversing the Apple Sandbox[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple Sandbox
OWASP EEE338 Aufrufe
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence
OWASP EEE788 Aufrufe
Anzeige

Último(20)

BKNIX Peering Forum 2023: APNIC Measurement UpdateBKNIX Peering Forum 2023: APNIC Measurement Update
BKNIX Peering Forum 2023: APNIC Measurement Update
APNIC6 Aufrufe
英国纽卡斯尔大学毕业证文凭成绩单制作指南英国纽卡斯尔大学毕业证文凭成绩单制作指南
英国纽卡斯尔大学毕业证文凭成绩单制作指南
abecue2 Aufrufe
英国伦敦国王学院毕业证文凭成绩单制作指南英国伦敦国王学院毕业证文凭成绩单制作指南
英国伦敦国王学院毕业证文凭成绩单制作指南
abecue2 Aufrufe
MSFT MAIW Data Mod - Session 1 Deck_Why Migrate your databases to Azure_Sept ...MSFT MAIW Data Mod - Session 1 Deck_Why Migrate your databases to Azure_Sept ...
MSFT MAIW Data Mod - Session 1 Deck_Why Migrate your databases to Azure_Sept ...
ssuser01a66e0 Aufrufe
【本科生、研究生】美国康伯斯威尔大学毕业证文凭购买指南【本科生、研究生】美国康伯斯威尔大学毕业证文凭购买指南
【本科生、研究生】美国康伯斯威尔大学毕业证文凭购买指南
akuufux0 Aufrufe
Growth Strategy Growth Strategy
Growth Strategy
Prasanna Hegde2 Aufrufe
【本科生、研究生】新西兰维特利亚理工学院毕业证文凭购买指南【本科生、研究生】新西兰维特利亚理工学院毕业证文凭购买指南
【本科生、研究生】新西兰维特利亚理工学院毕业证文凭购买指南
sutseu0 Aufrufe
Accounting 710 Emama.pptxAccounting 710 Emama.pptx
Accounting 710 Emama.pptx
SREMON3 Aufrufe
【本科生、研究生】美国加州大学洛杉矶分校毕业证文凭购买指南【本科生、研究生】美国加州大学洛杉矶分校毕业证文凭购买指南
【本科生、研究生】美国加州大学洛杉矶分校毕业证文凭购买指南
akuufux0 Aufrufe
Hybrid App Development (1) (1).pdfHybrid App Development (1) (1).pdf
Hybrid App Development (1) (1).pdf
Sanjaysharma9946542 Aufrufe
intitution_support.pptxintitution_support.pptx
intitution_support.pptx
Harini Sai0 Aufrufe
OUATTARAAboulaye-GL23_SRWE_02-certificate.pdfOUATTARAAboulaye-GL23_SRWE_02-certificate.pdf
OUATTARAAboulaye-GL23_SRWE_02-certificate.pdf
AboulayeOuattara21 Aufruf
Empowering Warehouse Operations Seamless WiFi Service in New York.pdfEmpowering Warehouse Operations Seamless WiFi Service in New York.pdf
Empowering Warehouse Operations Seamless WiFi Service in New York.pdf
SliceWirelessSolutio4 Aufrufe
【本科生、研究生】新西兰林肯大学毕业证文凭购买指南【本科生、研究生】新西兰林肯大学毕业证文凭购买指南
【本科生、研究生】新西兰林肯大学毕业证文凭购买指南
sutseu0 Aufrufe
【本科生、研究生】美国罗格斯大学毕业证文凭购买指南【本科生、研究生】美国罗格斯大学毕业证文凭购买指南
【本科生、研究生】美国罗格斯大学毕业证文凭购买指南
yqgyb0 Aufrufe
Datacom Section 8 - NetworkManagment.pptDatacom Section 8 - NetworkManagment.ppt
Datacom Section 8 - NetworkManagment.ppt
Kristopher Hefner2 Aufrufe
【本科生、研究生】德国哥廷根大学毕业证文凭购买指南【本科生、研究生】德国哥廷根大学毕业证文凭购买指南
【本科生、研究生】德国哥廷根大学毕业证文凭购买指南
akuufux0 Aufrufe
Al Pacino, 83, Expecting Fourth Child with Girlfriend, Noor Alfallah, 29Al Pacino, 83, Expecting Fourth Child with Girlfriend, Noor Alfallah, 29
Al Pacino, 83, Expecting Fourth Child with Girlfriend, Noor Alfallah, 29
ShaktimanGurung2 Aufrufe
dtrace_topics_intro.pdfdtrace_topics_intro.pdf
dtrace_topics_intro.pdf
ssuser785ce211 Aufruf
How to make money blogging How to make money blogging
How to make money blogging
Abdul Waseem0 Aufrufe

[Lithuania] Introduction to threat modeling

  1. Introduction to threat modeling OWASP EEE 2015
  2. About me Audrius Kovalenko | @slicklash NOT Computer Security Expert Just a developer
  3. Prelude
  4. Princess in your possession
  5. You’ve built a castle for a princess
  6. Thieves want to take her away
  7. Your castle has a weakness “dead” zones
  8. You guard them mitigation
  9. Threat modeling software project
  10. What are you building? data flow diagram
  11. Decomposition roles User Roles Name Description Authentication Admin Administrators have complete and unrestricted access to Notices, Partner Accounts and Logs. Windows Partner Partners can create, read and update Notices. Basic User Users can read and update Notices. Forms Service Roles Name Description Authentication APP Role Identity APP is running as. Windows Integrated (ApplicationPoolIndentity) SVC Role Identity SVC is running as. Windows Integrated (Local System) MSMQ Role Identity MSMQ is running as. Windows Integrated (Network Service)
  12. Decomposition (2) components Components Name Roles Type Run As Communication Channel Technology Uses APP Admin User Website APP Role HTTPS C#, ASP.NET MVC 5 Cryptography, File I/O API Partner Website API Role HTTPS C#, ASP.NET MVC 5 Cryptography, File I/O SVC MSMQ Windows Service SVC Role TCP/IP C# Cryptography, File I/O
  13. Decomposition (3) data Data Name Description Data Elements Data Stores Form Defines structure of a Notice Fields Database Access Control Role Access Control Remarks Admin C R U D Partner R Limited information. Form must be published. User
  14. What can go wrong? card games
  15. What can go wrong? (2) checklists CAPEC https://capec.mitre.org/data/index.html OWASP ASVS https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification... OWASP AppSensor https://www.owasp.org/index.php/AppSensor_DetectionPoints
  16. How to prioritize? convert threat to risk Risk Loss event frequence Loss magnitude Threat event frequence prob. Threat agent actions result in loss
  17. How to mitigate? raise the cost Time Skills Money etc. capability
  18. How to make it work for you? Practice Experience Reflection Theory find your own way
  19. Books FAIR STRIDE PASTA
  20. Resources OWASP Cornucopia https://www.owasp.org/index.php/OWASP_Cornucopia EoP Card Game https://www.microsoft.com/en-us/SDL/adopt/eop.aspx STRIDE http://blogs.microsoft.com/cybertrust/2007/09/11/stride-chart FAIR http://www.risklens.com/what-is-fair SAFECode http://www.safecode.org/publications
  21. QA
Anzeige