Difference between revisions of "Summit 2011 Working Sessions/Session099"

From OWASP
Jump to: navigation, search
Line 98: Line 98:
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=
  
| summit_session_attendee_name17 =  
+
| summit_session_attendee_name17 = Tony UcedaVelez
| summit_session_attendee_email17 =  
+
| summit_session_attendee_email17 = tonyuv@owasp.org
| summit_session_attendee_username17 =  
+
| summit_session_attendee_username17 = Tony UcedaVelez
| summit_session_attendee_company17=
+
| summit_session_attendee_company17= VerSprite
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=
  

Revision as of 01:49, 3 February 2011

Global Summit 2011 Home Page
Global Summit 2011 Tracks

WS. individual projects.jpg Threat Modeling
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description Discussion on various components of threat modeling, threat modeling methodologies and their challenges.
Related Projects (if any)


Email Contacts & Roles Chair
Anurag Agarwal @

Operational Manager
Mailing list
{{{mailing_list}}}
WORKING SESSION SPECIFICS
Objectives
  1. Reviewing existing methodologies and their pros and cons
  2. Assigning business impacts to threats
  3. Assigning technical impacts to threats
  4. Threat Rating System.
  5. Can we bring attack trees into main stream threat modeling methodology?

Venue/Date&Time/Model Venue/Room
OWASP Global Summit Portugal 2011
Date & Time


Discussion Model
participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

A document with a public recommendation on the use of threat modeling

After the Board Meeting - fill in here.

An OWASP standard defining what a threat model is.

After the Board Meeting - fill in here.

An OWASP standard defining a workflow for creating and maintaining a threat model.

After the Board Meeting - fill in here.

A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

Working Session Participants

(Add you name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
Matthew Chalmers @
ralogo_web.gif

Colin Watson @


Mateo Martinez @


Dinis Cruz @


Jim Manico @


Neil Matatall @


Christian Martorella @


Steven van der Baan @


Nishi Kumar @


Cecil Su @


Antonio Fontes @


Sherif Koussa @
Software Secured

Matthias Rohr @
SEC Consult

Vishal Garg @
AppSecure Labs

Matteo Meucci @


Seba Deleersnyder @
SAIT Zenitel

Tony UcedaVelez @
VerSprite