Threat Modeling Gameplay with EoP
Coming soon to a bookshelf near you, Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture
Author: Brett Crawley (28)
Brett is a Seasoned Application Security Engineer and Thought Leader with a Proven Track Record in Software Engineering and Security Best Practices.
Brett has over 10 years of application security experience and 25 years in software engineering. He holds (ISC)² certifications including CISSP, CSSLP, and CCSP. As the author of Threat Modeling Gameplay with EoP and the project lead for the OWASP Application Security Awareness Campaigns, Brett actively contributes to the security community. He also maintains the Ostering.com blog, where he shares insights on security practices.
Brett has successfully collaborated with teams to define security best practices and integrate security by design into their software development lifecycle (SDLC). His training initiatives in threat modeling have led to significant improvements in design quality and security awareness within organizations.
In his spare time, Brett enjoys sports, gardening, cooking, and photography. He is fluent in both English and Italian and holds dual citizenship.
Key Skills: Secure by Design, Privacy by Design, Threat Modeling (STRIDE, EoP, Privacy, LinddunGO, Plot4AI), Secure Coding, Vulnerability Management, and more.
Brett welcomes connections and opportunities to collaborate on innovative security solutions.
Games with Purpose - Nov 2022
Some interesting security and creativity games plus a few more
Application Security is More than Just Pen Testing
So often organizations believe that Application Security stops at penetration testing and fixing vulnerabilities but it is more than that, penetration testing is the reactive side of things but you also need the proactive aspects of Application Security to reduce the flow.
CAPEC-STRIDE Mapping
Mapping between the Common Attack Pattern Enumeration and Classification (CAPEC) from Mitre and the S.T.R.I.D.E. Categories used in Threat Modeling.
OWASP - Application Security Awareness Campaigns
I’ve just launched the first OWASP Application Security Awareness Campaign with 11 Posters of the OWASP Top Ten 2021 project.
Calculating Risk Across Project Real-estate using Graph Analysis
Prioritising remediation of vulnerabilities based on effective impact and risk using PageRank.
Python3 Notes
This is just a collection of notes I’ve made over a period of time to remind me of certain commands or syntax. I will continue adding to this over time. I’m also going to add my Natural Language Processing notes and Machine Learning Notes in a couple of other articles.
Introduction to SAML for Managers
SAML allows your users to be authenticated and authorized without direct interaction with your web site. It does this by creating a trust relationship between the site and a trusted third party who vouches for the identity of the user. This article explains both how this happens and what the additional benefits are.
Introduction to Kerberos for Managers
What is Kerberos? It is an authentication mechanism...
Introduction to Digital Signatures for Managers
What are digital signatures and what do they tell us, what information do they hold? All this and more are explained in this article.
Introduction to SSL for Managers
In this article I am going to outline what SSL is, its building blocks and how it works.
Three Brass Monkeys
In this article I’m going to talk about why we shouldn’t take security for granted, what practices should be part of our process and how the industry may move to enforce this.
Browse all Topics
- ANTLR
- Application Security
- AppSec
- Authentication
- Authorization
- Awareness
- CAPEC
- Centrality
- Certificates
- Compiler Compilers
- Compliance
- Dependency Analysis
- Digital Signatures
- Elevation of Privilege
- English
- Framework Fixators
- Games
- Grammar
- Graph Analysis
- GSSCredential
- Hashing
- HttpClient
- HttpComponents
- Inner-Source
- IT Extremists
- Java
- JavaCC
- JavaScript
- JBoss
- JNDI Realm
- Kerberos
- Key Distribution Center
- languages
- LDAP
- learning
- Legislation
- Manners
- Mitre
- Motivation
- Origins
- Osteria
- OWASP
- PageRank
- Parser Generators
- PicketLink
- Posters
- Programming Languages
- Public Key Cryptography
- Python
- Risk
- Running
- SAML
- SCA
- Scrum Nazis
- Scrum Talibans
- Security
- Social Engineering
- SSL
- SSO
- Strategy
- STRIDE
- Threat Modeling
- TLS
- Tomcat
- Top 10
- TRIM
- Vulnerability Management
- Wildfly