Skip to content

geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs

master
Switch branches/tags
Code

Rapid Threat Model Prototyping (RTMP) documents

This repository stores content that can be used to design a Rapid Threat Model Prototyping (RTMP) process for a software development group. The repository will contain process documents and eventually helper code to implement the RTMP process.

RTMP is a threat modelling technique that decreases the time to make a threat model while also enabling the process to become more streamlined and effective. The methodology lends itself to automation and inclusion in an Agile or DevOps workflow.

All files are covered under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

You can find out more here

files

=====

  1. 18q08.aug.Rapid Threat Model Prototyping.pptx
    • original presentation of RTMP process
  2. 18x14.nov.3.Rapid Threat Model Prototyping - step by step.draw.io sample diagram.xml
    • sample draw.io diagram to test the process
  3. 18x14.nov.3.Rapid Threat Model Prototyping - step by step.pptx
    • Walkthrough presentation of RTMP process,showing the steps
  4. 18x26.Tutamen HOWTO-Rapid Threat Model Prototyping.docx
    • in-depth walkthrough document of RTMP process, going into detail, with examples
  5. 18x26.Tutamen HOWTO-Rapid Threat Model Prototyping.pdf
    • same document as the docx above, but in pdf format
  6. 19f31.jan.TRAINING - Threat Modeling Introduction and RTMP.pptx
    • this slide deck contains actual training which can be systematically followed
  7. 19k27.may.Rapid Threat Model Prototyping.pptx
    • This new deck was created for OWASP AppSec Global Summit 2019 in Tel Aviv. It has the latest version.
  8. 19h20.mar.mapping table - STRIDE-OT10-CWE-OPC-ASVS.xlsx
    • This sheet will help a team to map the STRIDE threats to other frameworks to either find more specific threats or to find mitigations. This enables a team to not have the burden of maintaining Threat and Security Mitigation libraries.These are now based on the standard OWASP mitigation libraries.
  9. 19m04.jun.INFEU18_Geoffrey Hill - Rapid Threat Model Prototyping _PPT_Tech_Talks.pptx
    • Infosecurity Europe presentation
  10. Kill Chain.pptx
  • This shows the attack kill chain
  1. 20g04.feb.Broadlight.Geoffrey Hill - Rapid Threat Model Prototyping.pptx
  • Broad presentation done Feb 04, 2020

About

This repository stores content that can be used to design a Rapid Threat Model Prototyping process for a software development group.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published