Archives For Threat Modeling vNext

Let’s continue to investigate Threat Modeling vNext by example. This new installment of the series is about Lucy, an expert Threat Modeler.

Continue Reading...

Threat Modeling vNext can be an interesting idea, but what would that practically mean for you? This article tries to provide an answer to that question.

Continue Reading...

I’m happy to announce that on Monday, the 23rd of April, I will participate to WhiteSource’s Secure Coding Virtual Summit with a speak on Threat Modeling vNext.
Please participate!

The link to register is https://securecoding.com/virtual-summit/?utm_source=linkedin&utm_medium=social&utm_campaign=simone-curzi.

What is Threat Modeling vNext? To really understand it, we get a closer look at its genesis, discussing how the need has helped to evolve the vision to what it is now.

Continue Reading...

It is important to identify multiple mitigations, but how to do that? Security Controls are a great way to do that. The article introduces the main concepts and shows some ideas you can use to improve your Threat Models.

Continue Reading...

Mitigations, oh my!

February 27, 2020 — Leave a comment

The main goal of Threat Modeling is to identify the right mitigations to be implemented to minimize the risk. This is the first article to be completed next time, introducing the most important characteristics required to make the best choice when selecting mitigations for your Threat Modeling engagements.

Continue Reading...

Bug Bar and STRIDE-based calibration may allow to prioritize threats in a more balanced way. So, let’s see how to do that in practice.

Continue Reading...

The Residual Risk

February 13, 2020 — Leave a comment

Residual Risk is our ultimate goal when we Threat Model, is it? The article discusses what our goal really is and the role of mitigations in achieving it.

Continue Reading...

How to define quality for Threat Models? The article provides some key characteristics that would improve the usefulness of your Threat Models, and as a result would improve their quality.

Continue Reading...

Nothing is less clear than what is Quality for Threat Models, but for sure it must provide an experience that gives you more or at least a different value than what is provided by other approaches. Automation may look like the answer, but it is not. We still need to give proper relevance to the ingenuity of the Threat Modeling expert.

Continue Reading...