Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
21 additions
and
19 deletions.
There are no files selected for viewing
File renamed without changes.
File renamed without changes
File renamed without changes
36 changes: 18 additions & 18 deletions
36
...-Tier-Web-App-IriusRisk-Example/README.md → IriusRisk/3-Tier-Web-App/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,19 +1,19 @@ | ||
| # Example of a Threat Model of a fictitious 3 Tier Web Application | ||
|
|
||
| This fictitious application exposes a Web UI on the internet and has a Web API and Database hosted on a public cloud provider. | ||
|
|
||
| ## Contents | ||
| ### What are we building? | ||
| - See the Dataflow Diagram.png | ||
| - The first few pages of the Threat Model and Risk Report PDF file contain the answers to questions that define how the individual components behave and are configured. | ||
|
|
||
| ### What can go wrong? | ||
| - See the Table of Threats | ||
| - The last section of the PDF report contains a table of threats, the planned mitigation and the status of the countermeasure progress | ||
|
|
||
| ### What are we going to do about it? | ||
| - The last section of the PDF report contains a table that describes how each of the threats are going to be mitigated (if at all). | ||
| - In the same PDF report, the "Risks Accepted" table describes risks that are not going to be mitigated. | ||
|
|
||
| ### Did we do a good job? | ||
| # Example of a Threat Model of a fictitious 3 Tier Web Application | ||
|
|
||
| This fictitious application exposes a Web UI on the internet and has a Web API and Database hosted on a public cloud provider. | ||
|
|
||
| ## Contents | ||
| ### What are we building? | ||
| - See the Dataflow Diagram.png | ||
| - The first few pages of the Threat Model and Risk Report PDF file contain the answers to questions that define how the individual components behave and are configured. | ||
|
|
||
| ### What can go wrong? | ||
| - See the Table of Threats | ||
| - The last section of the PDF report contains a table of threats, the planned mitigation and the status of the countermeasure progress | ||
|
|
||
| ### What are we going to do about it? | ||
| - The last section of the PDF report contains a table that describes how each of the threats are going to be mitigated (if at all). | ||
| - In the same PDF report, the "Risks Accepted" table describes risks that are not going to be mitigated. | ||
|
|
||
| ### Did we do a good job? | ||
| - This is not answered by an output from this threat modeling tool. |
Binary file renamed
BIN
+46 KB
...ble of Countermeasures_3-tier-web-app.xls → ...ble of Countermeasures_3-tier-web-app.xls
Binary file not shown.
Binary file renamed
BIN
+19 KB
...ample/Table of Threats_3-tier-web-app.xls → ...b-App/Table of Threats_3-tier-web-app.xls
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| Examples using the IriusRisk threat modeling tool from ContinuumSecurity. | ||
|
|
||
| https://continuumsecurity.net/threat-modeling-tool/ |
This file was deleted.
Oops, something went wrong.