Message Image

Blockchain/ Distributed Ledger

Back to Library

STRIDE Modeling Tool

Aug 13, 2020 02:52:25 PM

Urmila Nagvekar

Great Job Chaddy.

Storing the URLs to STRIDE Threat Modeling Tool that Chaddy Hussain had posted in the chat

https://en.wikipedia.org/wiki/STRIDE_(security)

https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling

https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-getting-started

Threat Modeling Tool 101

Statistics

0 Favorited

34 Views

0 Files

0 Shares

0 Downloads

Tags and Keywords

Comments

Carlos Dominguez

Aug 18, 2020 12:02:05 PM

I think we will need to use STRIDE with a risk scoring methodology for continuity of analysis. Microsoft used DREAD to supplement STRIDE but noted it may not work for software-centric threat modeling which I don't think is our case.

There is another view on threat modeling that empathizes the use of Process Flow Diagrams (PDF) instead of Data Flow Diagrams (DFD) as per the VAST methodology focusing on operational risks (see https://threatmodeler.com/threat-modeling-methodologies-overview-for-your-business/)

Conclusion: I think STRIDE will work and we can use the free tool provided by MS, but we also need a risk scoring methodology.

I will upload couple of resources regarding threat modeling, for your consideration here:
https://circle.cloudsecurityalliance.org/viewdocument/frameworks-and-methodologies?CommunityKey=a9786cbe-105a-420f-a353-8bbe10ab684d&tab=librarydocuments

Related Entries and Links

No Related Resource entered.

Powered by Higher Logic