Guerrilla Threat Modelling (or 'Threat Modeling' if you're American)

re: High-Level Threat Modelling Process

Office Development, Security, Randomness... — Wed, 23 Feb 2005 04:54:00 GMT

Guerrilla Threat Modelling

Dana Epp's ramblings at the Sanctuary — Wed, 23 Feb 2005 09:12:00 GMT

Peter Torr has done it again. He has written an EXCELLENT article on writing a practical threat model... getting rid of the cruft of useless theory and applying real-world experience to how to get it done. If you are part of a team that needs a no nonsense approach to threat modeling, you should read his article on "Guerrilla Threat Modelling". Well worth the investment in time. Peter, a suggestion. Follow up this article with another one actually writing attack trees. Then I can point people to your two articles instead of constantly having to explain this to them. :)...

Guerrilla Threat Modelling

Robert Hurlbut's .NET Blog — Wed, 23 Feb 2005 21:23:00 GMT

re: Guerrilla Threat Modelling

Anton — Wed, 23 Feb 2005 20:57:00 GMT

What if a processes is done on a machine that you do not trust? In that case, even if it's your own code that is running there (initially), it might be modified and become a process you don't trust anymore. Wouldn't that be a reason to allow circles to be red? For example, any process done in an ATM should not be trusted by the banks central server.

re: Guerrilla Threat Modelling

Peter Torr — Thu, 24 Feb 2005 00:26:00 GMT

That's a good question. This would be covered by a red rectangle -- since the remote machine is not under your control, it should be modelled as untrusted.

Also it is unlikely that you would be modelling the client at the same time you modelled the server. That might happen if you were doing a protocol analysis, but typically for threat modelling you would do each component separately (to avoid making assumptions!)

re: Guerrilla Threat Modelling

WifeOfHairyApe — Thu, 24 Feb 2005 03:30:00 GMT

Did you know that gorillas can analogly sign?
Evidence: http://www.koko.org/world/journal.phtml
(Warning: very cute!)

Guerrillas probably can too, but that's probably not nearly as sweet :-s

re: Guerrilla Threat Modelling

Peter Torr — Thu, 24 Feb 2005 03:33:00 GMT

Now that's a creative and funny use of the "signing" meme, so I let it through :-)

Threat Modeling book review

Sergey Simakov blog — Thu, 24 Feb 2005 10:17:00 GMT

re: Guerrilla Threat Modelling

Stuart Ballard — Fri, 25 Feb 2005 17:28:00 GMT

Hi, This isn't relevant to this post in particular but the post it is relevant to is back in November and comments are closed. I've been trying to use the approach you and Shawn Farkas recommended to create a sandboxed AppDomain[1]. The issue I'm having is with your advice to set a separate ApplicationBase for the sandbox domain. The problem is that I then need to inject my own assembly into the sandbox, and there doesn't appear to be an AppDomain.LoadAssemblyFrom() which would allow me to load my assembly into the sandbox from a path other than the ApplicationBase. I understand the reason why I *want* to set a separate ApplicationBase. But when I actually *do* it, I can't get my assembly in there so *nothing* works. Any suggestions? [1] I'm also having some other weird issues (GetCustomAttributes appears not to be working as I'd expect it to unless I grant the whole appdomain FullTrust) but until I can produce a reduced testcase I'll worry about that one by myself.

re: Guerrilla Threat Modelling (or 'Threat Modeling' if you're American)

Paul Stubbs — Mon, 28 Feb 2005 04:37:00 GMT

I would like to take credit for being the inspiration for Peter's bad Threat Modeling stories.

re: Guerrilla Threat Modelling (or 'Threat Modeling' if you're American)

yummu — Mon, 28 Feb 2005 05:42:00 GMT

What's a "signing meme"?

You haven't mentioned either of those words in your post. Or am I being stupid?

re: Guerrilla Threat Modelling (or 'Threat Modeling' if you're American)

Peter Torr — Mon, 28 Feb 2005 07:16:00 GMT

Paul: I'm afraid that the Oscar for "Worst Performance in a Threat Model Review" doesn't go to you... maybe next year? :-)

Yummu: It's a slashdot thing. People repeating the same tired jokes about digital signatures due to my previous post on Firefox.

re: Guerrilla Threat Modelling (or 'Threat Modeling' if you're American)

Joe — Wed, 23 Mar 2005 01:27:00 GMT

Very good article, I learned a lot from it. Thank you :D

re: Guerrilla Threat Modelling (or 'Threat Modeling' if you're American)

Greg — Thu, 21 Apr 2005 00:04:28 GMT

Beautiful treatese on DFDs for threat modeling. I've been looking for information like this.

I'd love to see you do the same number on Threat Trees.

Thanks!

Greg

What is Microsoft doing for security?

Office Development, Security, Randomness... — Wed, 17 Aug 2005 05:32:47 GMT

A recent comment on the IE Blog made it pretty apparent that not everybody is aware...

High Level Network Threat Modeling

ptorr — Fri, 02 Sep 2005 00:04:42 GMT

Dana Epp has a great article at http://silverstr.ufies.org/blog/archives/000851.html

Windows SDK: Getting it all out the dang door...

Jason Sacks's Windows SDK blog — Wed, 04 Oct 2006 07:48:14 GMT

As I mentioned last week, we're starting to really get down to those old brass tacks when it comes to

ActiveX安全：改进和最佳实践

黑石 — Tue, 16 Jan 2007 05:01:40 GMT

概述

本文的主要内容

本文主要描述了在InternetExplorer7中，通过默认的

Security Development Lifecycle - Overview

Ashish Jaiman's Blog — Fri, 23 Feb 2007 14:13:14 GMT

The goals of Security Development Lifecycle (SDL) is to reduce the number of security related design

How to create threat models quickly

Francisco Ruiz From Málaga (Spain) — Tue, 03 Apr 2007 14:33:21 GMT

Hello, Peter Torr, in an excellent article titled "Guerrilla Threat Modelling" at http://blogs.msdn.com/ptorr/archive/2005/02/22/GuerillaThreatModelling.aspx,...