Difference between revisions of "Summit 2011 Working Sessions/Session099"

From OWASP
 
(33 intermediate revisions by 21 users not shown)
Line 2: Line 2:
 
|-
 
|-
  
| summit_session_name =  
+
| summit_session_attendee_name1 = Matthew Chalmers
| summit_session_url =  
+
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
 +
| summit_session_attendee_username1 =
 +
| summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=
 +
 
 +
| summit_session_attendee_name2 = Colin Watson
 +
| summit_session_attendee_email2 =
 +
| summit_session_attendee_username2 =
 +
| summit_session_attendee_company2=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=
 +
 
 +
| summit_session_attendee_name3 = Mateo Martinez
 +
| summit_session_attendee_email3 = mateo.martinez@owasp.org
 +
| summit_session_attendee_username3 =
 +
| summit_session_attendee_company3=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=
 +
 
 +
| summit_session_attendee_name4 = Dinis Cruz
 +
| summit_session_attendee_email4 = dinis.cruz@owasp.org
 +
| summit_session_attendee_username4 =
 +
| summit_session_attendee_company4=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=
 +
 
 +
| summit_session_attendee_name5 = Jim Manico
 +
| summit_session_attendee_email5 = jim.manico@owasp.org
 +
| summit_session_attendee_username5 =
 +
| summit_session_attendee_company5=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=
 +
 
 +
| summit_session_attendee_name6 = Neil Matatall
 +
| summit_session_attendee_email6 = neil@owasp.org
 +
| summit_session_attendee_username6 =
 +
| summit_session_attendee_company6=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=
 +
 
 +
| summit_session_attendee_name7 = Christian Martorella
 +
| summit_session_attendee_email7 = laramies@gmail.com
 +
| summit_session_attendee_username7 =
 +
| summit_session_attendee_company7=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=
 +
 
 +
| summit_session_attendee_name8 = Steven van der Baan
 +
| summit_session_attendee_email8 = steven.van.der.Baan@owasp.org
 +
| summit_session_attendee_username8 =
 +
| summit_session_attendee_company8=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=
 +
 
 +
| summit_session_attendee_name9 = Nishi Kumar
 +
| summit_session_attendee_email9 = nishi787@hotmail.com
 +
| summit_session_attendee_username9 =
 +
| summit_session_attendee_company9=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=
 +
 
 +
| summit_session_attendee_name10 = Cecil Su
 +
| summit_session_attendee_email10 = cecil.su@owasp.org
 +
| summit_session_attendee_username10 =
 +
| summit_session_attendee_company10=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=
 +
 
 +
| summit_session_attendee_name11 = Antonio Fontes
 +
| summit_session_attendee_email11 = antonio.fontes@owasp.org
 +
| summit_session_attendee_username11 =
 +
| summit_session_attendee_company11=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=
 +
 
 +
| summit_session_attendee_name12 = Sherif Koussa
 +
| summit_session_attendee_email12 = sherif.koussa@owasp.org
 +
| summit_session_attendee_username12 =
 +
| summit_session_attendee_company12= Software Secured
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=
 +
 
 +
| summit_session_attendee_name13 = Matthias Rohr
 +
| summit_session_attendee_email13 = m.rohr@sec-consult.com
 +
| summit_session_attendee_username13 =
 +
| summit_session_attendee_company13= SEC Consult
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=
 +
 
 +
| summit_session_attendee_name14 = Vishal Garg
 +
| summit_session_attendee_email14 = vishalgrg@gmail.com
 +
| summit_session_attendee_username14 =
 +
| summit_session_attendee_company14= AppSecure Labs
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=
 +
 
 +
| summit_session_attendee_name15 = Matteo Meucci
 +
| summit_session_attendee_email15 = matteo.meucci@owasp.org
 +
| summit_session_attendee_username15 =
 +
| summit_session_attendee_company15=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=
 +
 
 +
| summit_session_attendee_name16 = Seba Deleersnyder
 +
| summit_session_attendee_email16 = seba@owasp.org
 +
| summit_session_attendee_username16 =
 +
| summit_session_attendee_company16= SAIT Zenitel
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=
 +
 
 +
| summit_session_attendee_name17 = Tony UcedaVelez
 +
| summit_session_attendee_email17 = tonyuv@owasp.org
 +
| summit_session_attendee_username17 = Tony UcedaVelez
 +
| summit_session_attendee_company17= VerSprite
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=
 +
 
 +
| summit_session_attendee_name18 = L. Gustavo C. Barbato
 +
| summit_session_attendee_email18 = lgbarbato@owasp.org
 +
| summit_session_attendee_username18 = Gustavo Barbato
 +
| summit_session_attendee_company18= Dell
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=
 +
 
 +
| summit_session_attendee_name19 = Edward Bonver
 +
| summit_session_attendee_email19 = edward@owasp.org
 +
| summit_session_attendee_username19 = Edward Bonver
 +
| summit_session_attendee_company19= Symantec
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=
 +
 
 +
| summit_session_attendee_name20 = Ofer Maor
 +
| summit_session_attendee_email20 = ofer.maor@owasp.org
 +
| summit_session_attendee_username20 =
 +
| summit_session_attendee_company20=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
 +
 
 +
| summit_session_attendee_name21 = Wojciech Dworakowski
 +
| summit_session_attendee_email21 = wojciech.dworakowski@securing.pl
 +
| summit_session_attendee_username21 = Wojciech Dworakowski
 +
| summit_session_attendee_company21= SecuRing
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed21=
 +
 
 +
| summit_session_attendee_name22 = Alexandre Miguel Aniceto
 +
| summit_session_attendee_email22 = alexandre.aniceto@sekirite.org
 +
| summit_session_attendee_username22 = Alexandre Miguel Aniceto
 +
| summit_session_attendee_company22= Willway
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed22=
 +
 
 +
|-
 +
| summit_track_logo = [[Image:T._individual_projects.jpg]]
 +
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
 +
| summit_session_name = Threat Modeling
 +
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099
  
 
|-
 
|-
  
| short_working_session_description=
+
| short_working_session_description=Discussion on various components of threat modeling, threat modeling methodologies and their challenges.
  
 
|-
 
|-
  
| related_project_name1 =  
+
| related_project_name1 = Threat Modeling
 
| related_project_url_1 =  
 
| related_project_url_1 =  
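Review bot: the summit_session_attendee_emailN values added in this hunk put full addresses, including personal gmail.com and hotmail.com ones, into publicly readable page source and revision history, where they can be harvested. Consider leaving the field empty, as is done for attendee 2, or relying on the summit_session_attendee_usernameN field instead. Separately, the parameter name "summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1" contains a space before "discussed" where every other separator is an underscore; check it against the template's parameter name before any notes are entered, since all 22 are still empty.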
  
Line 28: Line 163:
 
|-
 
|-
  
| summit_session_objective_name1=  
+
| summit_session_objective_name1= Reviewing existing methodologies and their pros and cons
  
| summit_session_objective_name2 =  
+
| summit_session_objective_name2 = Assigning business impacts to threats
  
| summit_session_objective_name3 =  
+
| summit_session_objective_name3 = Assigning technical impacts to threats
  
| summit_session_objective_name4 =  
+
| summit_session_objective_name4 = Threat Rating System.
  
| summit_session_objective_name5 =
+
| summit_session_objective_name5 = Can we bring attack trees into main stream threat modeling methodology?
 +
 
 +
| summit_session_objective_name6 = Can we use metrics to promote threat modeling?
  
 
|-
 
|-
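Review bot: summit_session_objective_name6 ("Can we use metrics to promote threat modeling?") is set in this hunk, but the rendered Objectives list for this revision stops at item 5, so the sixth objective is not displayed. Either confirm the template has a slot for objective 6 or fold this question into one of the five objectives that do render.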
Line 56: Line 193:
 
|-
 
|-
  
|summit_session_deliverable_name1 =  
+
|summit_session_deliverable_name1 = A document with a public recommendation on the use of threat modeling
|summit_session_deliverable_url_1 =  
+
|summit_session_deliverable_name2 = An OWASP standard defining what a threat model is.
  
|summit_session_deliverable_name2 =
+
|summit_session_deliverable_name3 = An OWASP standard defining a workflow for creating and maintaining a threat model.
|summit_session_deliverable_url_2 =  
+
  
|summit_session_deliverable_name3 =
+
|summit_session_deliverable_name4 = A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.
|summit_session_deliverable_url_3 =
+
 
+
|summit_session_deliverable_name4 =  
+
|summit_session_deliverable_url_4 =
+
  
 
|summit_session_deliverable_name5 =  
 
|summit_session_deliverable_name5 =  
|summit_session_deliverable_url_5 =  
+
 
 +
|summit_session_deliverable_name6 =
 +
 
 +
|summit_session_deliverable_name7 =
 +
 
 +
|summit_session_deliverable_name8 =  
  
 
|-
 
|-
  
| summit_session_leader_name1 =  
+
| summit_session_leader_name1 = Anurag Agarwal
| summit_session_leader_email1 =  
+
| summit_session_leader_email1 = anurag@myappsecurity.com
| summit_session_leader_wiki_username1 =
+
  
 
| summit_session_leader_name2 =  
 
| summit_session_leader_name2 =  
 
| summit_session_leader_email2 =  
 
| summit_session_leader_email2 =  
| summit_session_leader_wiki_username2 =
+
| summit_session_leader_username2 =  
  
 
| summit_session_leader_name3 =  
 
| summit_session_leader_name3 =  
 
| summit_session_leader_email3 =  
 
| summit_session_leader_email3 =  
| summit_session_leader_wiki_username3 =
+
| summit_session_leader_username3 =  
  
 
|-
 
|-
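Review bot: summit_session_leader_wiki_username1 is dropped here with nothing in its place, while the same field for leaders 2 and 3 is renamed to summit_session_leader_username2 and summit_session_leader_username3. Add summit_session_leader_username1 so the chair's entry uses the same parameter set as the others. The summit_session_deliverable_url_N lines are also removed in this hunk, which leaves the four new deliverables with no field to link to once the documents exist.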
Line 89: Line 225:
 
| operational_leader_name1 =
 
| operational_leader_name1 =
 
| operational_leader_email1 =
 
| operational_leader_email1 =
| operational_leader_wiki_username1 =  
+
| operational_leader_username1 =  
  
 
|-
 
|-
  
| summit_session_attendee_name1 =
 
| summit_session_attendee_email1 =
 
| summit_session_attendee_wiki_username1 =
 
 
| summit_session_attendee_name2 =
 
| summit_session_attendee_email2 =
 
| summit_session_attendee_wiki_username2 =
 
 
| summit_session_attendee_name3 =
 
| summit_session_attendee_email3 =
 
| summit_session_attendee_wiki_username3 =
 
 
| summit_session_attendee_name4 =
 
| summit_session_attendee_email4 =
 
| summit_session_attendee_wiki_username4 =
 
 
| summit_session_attendee_name5 =
 
| summit_session_attendee_email5 =
 
| summit_session_attendee_wiki_username5 =
 
 
| summit_session_attendee_name6 =
 
| summit_session_attendee_email6 =
 
| summit_session_attendee_wiki_username6 =
 
 
| summit_session_attendee_name7 =
 
| summit_session_attendee_email7 =
 
| summit_session_attendee_wiki_username7 =
 
 
| summit_session_attendee_name8 =
 
| summit_session_attendee_email8 =
 
| summit_session_attendee_wiki_username8 =
 
 
| summit_session_attendee_name9 =
 
| summit_session_attendee_email9 =
 
| summit_session_attendee_wiki_username9 =
 
 
| summit_session_attendee_name10 =
 
| summit_session_attendee_email10 =
 
| summit_session_attendee_wiki_username10 =
 
 
| summit_session_attendee_name11 =
 
| summit_session_attendee_email11 =
 
| summit_session_attendee_wiki_username11 =
 
 
| summit_session_attendee_name12 =
 
| summit_session_attendee_email12 =
 
| summit_session_attendee_wiki_username12 =
 
 
| summit_session_attendee_name13 =
 
| summit_session_attendee_email13 =
 
| summit_session_attendee_wiki_username13 =
 
 
| summit_session_attendee_name14 =
 
| summit_session_attendee_email14 =
 
| summit_session_attendee_wiki_username14 =
 
 
| summit_session_attendee_name15 =
 
| summit_session_attendee_email15 =
 
| summit_session_attendee_wiki_username15 =
 
 
| summit_session_attendee_name16 =
 
| summit_session_attendee_email16 =
 
| summit_session_attendee_wiki_username16 =
 
 
| summit_session_attendee_name17 =
 
| summit_session_attendee_email17 =
 
| summit_session_attendee_wiki_username17=
 
 
| summit_session_attendee_name18 =
 
| summit_session_attendee_email18 =
 
| summit_session_attendee_wiki_username18 =
 
 
| summit_session_attendee_name19 =
 
| summit_session_attendee_email19 =
 
| summit_session_attendee_wiki_username19 =
 
 
| summit_session_attendee_name20 =
 
| summit_session_attendee_email20 =
 
| summit_session_attendee_wiki_username20 =
 
 
|-
 
  
 
| meeting_notes =  
 
| meeting_notes =  

Latest revision as of 18:49, 7 February 2011


Threat Modeling
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description: Discussion on various components of threat modeling, threat modeling methodologies and their challenges.
Related Projects (if any)


Email Contacts & Roles
Chair: Anurag Agarwal

Operational Manager
Mailing list
WORKING SESSION SPECIFICS
Objectives
  1. Reviewing existing methodologies and their pros and cons
  2. Assigning business impacts to threats
  3. Assigning technical impacts to threats
  4. Threat Rating System.
  5. Can we bring attack trees into mainstream threat modeling methodology?

Venue/Date & Time/Model
Venue/Room: OWASP Global Summit Portugal 2011
Date & Time:
Discussion Model: participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

A document with a public recommendation on the use of threat modeling

After the Board Meeting - fill in here.

An OWASP standard defining what a threat model is.

After the Board Meeting - fill in here.

An OWASP standard defining a workflow for creating and maintaining a threat model.

After the Board Meeting - fill in here.

A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.

After the Board Meeting - fill in here.


Working Session Participants

Name | Company | Notes & reason for participating, issues to be discussed/addressed
Matthew Chalmers | Rockwell Automation |
Colin Watson | |
Mateo Martinez | |
Dinis Cruz | |
Jim Manico | |
Neil Matatall | |
Christian Martorella | |
Steven van der Baan | |
Nishi Kumar | |
Cecil Su | |
Antonio Fontes | |
Sherif Koussa | Software Secured |
Matthias Rohr | SEC Consult |
Vishal Garg | AppSecure Labs |
Matteo Meucci | |
Seba Deleersnyder | SAIT Zenitel |
Tony UcedaVelez | VerSprite |
L. Gustavo C. Barbato | Dell |
Edward Bonver | Symantec |
Ofer Maor | |