Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

  • Web Log

OWASP Threat Dragon!

Threat Modeling Application Released By OWASP: Threat Dragon 1.0

March 04, 2020 by Marc Handelman in OWASP, Threat Modeling, Information Security

Big News in the Threat Modeling racket: OWASP has released version 1.0 of it's highly awaited threat modeling platform as a free, open source and cross-platform tool. Monikered OWASP Threat Dragon, installers have been built, the rule engine is in-place, integration with other tools is live and an ostensibly well-crafted UX comes with the package; Threat Dragon is available in two forms - a web version and desktop bits. Download the desktop via GitHub; let the modeling commence!

Behold: An OWASP Threat Dragon Diagramming UX

March 04, 2020 /Marc Handelman
OWASP, Threat Modeling, Information Security

OWASP Appsec Tel Aviv 2019, Isaiah Sarju's 'How Online Dating Made Me Better At Threat Modeling' →

August 15, 2019 by Marc Handelman in OWASP, OWASP Appsec Tel Aviv, Threat Intelligence, Threat Modeling, Conferences, Education, Information Security, Application Security

Isaiah Sarju is a Co-Owner of Revis Solutions

August 15, 2019 /Marc Handelman
OWASP, OWASP Appsec Tel Aviv, Threat Intelligence, Threat Modeling, Conferences, Education, Information Security, Application Security

OWASP Appsec Tel Aviv 2019, Izar Tarandach's 'What Do You Mean Threat Model Every Story' →

August 14, 2019 by Marc Handelman in OWASP Appsec Tel Aviv, OWASP, Application Security, Information Security, Threat Modeling, Threat Intelligence, Education, Conferences

Izar Tarandach is a Lead Product Security Architect at Autodesk

August 14, 2019 /Marc Handelman
OWASP Appsec Tel Aviv, OWASP, Application Security, Information Security, Threat Modeling, Threat Intelligence, Education, Conferences

OWASP Appsec Tel Aviv 2019, Geoffrey Hill's 'Bringing Rapid Prototyping To The Threat Model Process' →

August 01, 2019 by Marc Handelman in OWASP Appsec Tel Aviv, OWASP, Information Security, Threat Modeling, Threat Intelligence, Threat Hunting, Conferences, Application Security

Geoffrey Hill - Founder and CEO of Tutamantic Security.

August 01, 2019 /Marc Handelman
OWASP Appsec Tel Aviv, OWASP, Information Security, Threat Modeling, Threat Intelligence, Threat Hunting, Conferences, Application Security

BSides Columbus 2019, Isaiah Sarju's 'How Online Dating Made Me Better At Threat Modeling' →

March 19, 2019 by Marc Handelman in Irongeek, Information Security, Threat Modeling, Education, Conferences, BSides Columbus

Videography Credit: Irongeek (Adrian Crenshaw, et. al). Please visit Irongeek for additional videographer credits and important information. Enjoy!

March 19, 2019 /Marc Handelman
Irongeek, Information Security, Threat Modeling, Education, Conferences, BSides Columbus

Blackhat 2018, Adam Shostack's 'Threat Modeling In 2018'

December 04, 2018 by Marc Handelman in Information Security, Threat Modeling

And, here's Adam's sldies, Enjoy.

December 04, 2018 /Marc Handelman
Information Security, Threat Modeling

Threat Rumination

September 21, 2018 by Marc Handelman in Threat Modeling, Information Security

Tremendous piece on threat modeling, practitioner behviors, and a book... Tidily wrapped up and ready for examination for the thoughtful Threat Modeler amongst us by the eoponymous Adam Shostack, at his blog. Friday's Must Read.

September 21, 2018 /Marc Handelman
Threat Modeling, Information Security

Circle City Con 5.0 2018, Kyle Ehmke's 'Applying Thermodynamic Principles to Threat Intelligence' →

July 15, 2018 by Marc Handelman in Conferences, Education, Information Security, Threat Intel Reporting, Threat Intelligence, Threat Modeling, Circle City Con
July 15, 2018 /Marc Handelman
Conferences, Education, Information Security, Threat Intel Reporting, Threat Intelligence, Threat Modeling, Circle City Con

Well-crafted by Pinterest User and Lego Master Andrew Becraft, also Here...

Modeling Threats, The Regalia Of Precision

July 06, 2018 by Marc Handelman in Threat Modeling, Threat Intelligence, Information Security

Crispin Cowan of Leviathan Security, illuminates a vital component of both Information Security and Cyber Security with superb precision in his post The Calculus of Threat Modeling at the Leviathan Security Blog. Detailing both the Theory and Practice of Threat Modeling - his well-crafted thought processes are clearly presented and eminently defensible. If you read anything today on Threat Modeling, read Cripsin's work, you'll be glad you did! Certainement, il Faut Lire Aujourd Hui H/T

July 06, 2018 /Marc Handelman
Threat Modeling, Threat Intelligence, Information Security

via Luke Kingma & Lou Patrick-Mackay at Futurism Cartoons

Luke Kingma & Lou Patrick-Mackay's, 'Threat Modeling' →

June 15, 2018 by Marc Handelman in Futurists, FuturismCartoons, Threat Modeling
June 15, 2018 /Marc Handelman
Futurists, FuturismCartoons, Threat Modeling

NDC Security 2018, Aaron Bedra's 'Adaptive Threat Modeling' →

February 15, 2018 by Marc Handelman in Conferences, Education, Information Security, NDC Security, Threat Modeling
February 15, 2018 /Marc Handelman
Conferences, Education, Information Security, NDC Security, Threat Modeling

Advanced Persistent Infrastructure →

November 22, 2017 by Marc Handelman in Threat Intelligence, Threat Modeling, Invasion, Flawed Infrastructure, Information Security

Curtis Jordan, writing at Dark Reading, regales us with a tale of Advanced Persistent Infrastructure, the underpinnings of cyberevil; and, today's paean to Threat Intelligence - Enjoy!

November 22, 2017 /Marc Handelman
Threat Intelligence, Threat Modeling, Invasion, Flawed Infrastructure, Information Security

Shostacks' 'Threat Modeling Password Managers' →

July 21, 2017 by Marc Handelman in Information Security, Threat Modeling

Adam Shostack provides us with a tremendous write-up of the problem with Password Managers and threat modeling, thereto. Today's Fine, Epicurean MustRead.

July 21, 2017 /Marc Handelman
Information Security, Threat Modeling