Rapid Threat Model Prototyping (RTMP) documents
This repository stores content that can be used to design a Rapid Threat Model Prototyping (RTMP) process for a software development group. The repository will contain process documents and eventually helper code to implement the RTMP process.
RTMP is a threat modelling technique that decreases the time to make a threat model while also enabling the process to become more streamlined and effective. The methodology lends itself to automation and inclusion in an Agile or DevOps workflow.
All files are covered under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
You can find out more here
- Aug 2018 - London DevSecOps talk audio
- Feb 2019 - Application Security Podcast (S04E26), The Rapid Threat Model Prototyping Process audio
- 18q08.aug.Rapid Threat Model Prototyping.pptx
- original presentation of RTMP process
- 18x14.nov.3.Rapid Threat Model Prototyping - step by step.draw.io sample diagram.xml
- sample draw.io diagram to test the process
- 18x14.nov.3.Rapid Threat Model Prototyping - step by step.pptx
- Walkthrough presentation of RTMP process,showing the steps
- 18x26.Tutamen HOWTO-Rapid Threat Model Prototyping.docx
- in-depth walkthrough document of RTMP process, going into detail, with examples
- 18x26.Tutamen HOWTO-Rapid Threat Model Prototyping.pdf
- same document as the docx above, but in pdf format
- 19f31.jan.TRAINING - Threat Modeling Introduction and RTMP.pptx
- this slide deck contains actual training which can be systematically followed
- 19k27.may.Rapid Threat Model Prototyping.pptx
- This new deck was created for OWASP AppSec Global Summit 2019 in Tel Aviv. It has the latest version.
- 19h20.mar.mapping table - STRIDE-OT10-CWE-OPC-ASVS.xlsx
- This sheet will help a team to map the STRIDE threats to other frameworks to either find more specific threats or to find mitigations. This enables a team to not have the burden of maintaining Threat and Security Mitigation libraries.These are now based on the standard OWASP mitigation libraries.
- 19m04.jun.INFEU18_Geoffrey Hill - Rapid Threat Model Prototyping _PPT_Tech_Talks.pptx
- Infosecurity Europe presentation
- Kill Chain.pptx
- This shows the attack kill chain
- 20g04.feb.Broadlight.Geoffrey Hill - Rapid Threat Model Prototyping.pptx
- Broad presentation done Feb 04, 2020