Threat Modeling Your Dependencies - Part 2
Mitigating Third-Party Component Risk: Swapping the Cancer for...
Tagged in: Threat Modeling (7)
Threat Modeling Your Dependencies - Part 1
How One Bad Library Can Poison Your Entire...
Your SBOM Data Has Been Gathering Dust - Until Now
I’ve been talking about graphs for dependency analysis...
What! Think before coding? WHY?
Why are so many people just diving, straight into the code? A minimum of requirements and design? Perhaps a threat Model?
Threat Modeling Gameplay with EoP
Coming soon to a bookshelf near you, Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture
Threat Modeling Remotely with Miro and EoP
Threat modeling with teams is a process that requires visuals, interaction between team members and discussion and so lends itself to everyone being in a room together. This has been quite hard the last two years. It also doesn’t look to be getting any easier, so we should probably get used to it. Here’s how I’ve been doing it with several teams.
CAPEC-STRIDE Mapping
Mapping between the Common Attack Pattern Enumeration and Classification (CAPEC) from Mitre and the S.T.R.I.D.E. Categories used in Threat Modeling.
Browse all Topics
- Accountability
- AI
- ANTLR
- Application Security
- AppSec
- Artificial Intelligence
- Authentication
- Authorization
- Awareness
- Binary
- CAPEC
- Centrality
- Certificates
- Change
- Claude Code Security
- Clean House
- Compiler Compilers
- Compliance
- Culture
- Cursor AI
- Dependency Analysis
- Digital Signatures
- Elevation of Privilege
- English
- Framework Fixators
- Games
- Grammar
- Graph Analysis
- GSSCredential
- Hashing
- HttpClient
- HttpComponents
- Inner-Source
- IT Extremists
- Java
- JavaCC
- JavaScript
- JBoss
- JNDI Realm
- Kerberos
- Key Distribution Center
- languages
- LDAP
- Leadership
- learning
- Legislation
- Manners
- Miro
- Miroverse
- Mitre
- Motivation
- Origins
- Osteria
- OWASP
- Ownership
- PageRank
- Parser Generators
- PicketLink
- Posters
- Precision
- Programming Languages
- Public Key Cryptography
- Python
- Reachability
- Recall
- Responsibility
- Risk
- Running
- SAML
- SAST
- SBOM
- SCA
- Scrum Nazis
- Scrum Talibans
- Security
- Security by Design
- Security Maturity
- Social Engineering
- Software Architecture
- Software Composition Analysis
- Software Design
- Source Code
- SSL
- SSO
- Strategy
- STRIDE
- Supply Chain Security
- Threat Modeling
- Threat Modelling
- TLS
- Tomcat
- Top 10
- TRIM
- Trustworthyness
- Vulnerability Management
- Wildfly