Threatmodel tool demos - Wednesday AM

Steven Wierckx
Fraser Scott
Izar Tarandach
When (day):
Wed
At:
11:00 - 13:00
Track:
Threat Modeling
Topics:
Watch
Zoom link will be available very soon
Register:

Training Session Video

Notable logs from the chat during the session

14:24:16 From Mario : I’ve been teaching both RTMP and LINDDUN GO with my customers
14:24:31 From Mario : On the same sessions. Gives everyone vocabulary to discuss both problem spaces :)
14:26:08 From Mario : Agree with respect to LINDDUN, as it’s a “hard” modelling technique
14:26:12 From Mario : But LINDDUN GO is easier
14:26:31 From Didar Gelici : because it is gamified?
14:26:58 From Mario : yes, and the cards themselves have all the basic INFO to understand it and real world examples to make them clear
14:27:44 From Didar Gelici : as opposed to Elevation of Privacy game
14:29:37 From Didar Gelici : privacy… i meant privilege
14:30:11 From Avi Douglen : actually, Elevation of Privacy sounds like a killer game
14:30:31 From Avi Douglen : maybe an expansion pack… inapp DLC?
14:34:17 From Mario : An online game would be brilliant
14:34:28 From Mario : someone should suggest that to Kym
14:34:52 From Mario : She was kind enough to send me a deck of the actual cards
14:35:25 From Avi Douglen : or talk to https://eopgame.herokuapp.com/ for an expansion :-) 14:43:46 From Didar Gelici : https://github.com/geoffrey-hill-tutamantic
14:43:56 From Didar Gelici : https://github.com/geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs 14:44:58 From Didar Gelici : Prerequisites for using Tutamantic: RTMP
14:45:23 From Didar Gelici : draw.io
14:45:27 From Didar Gelici : knowledge in STRIDE
14:45:57 From Didar Gelici : stakeholders
14:54:38 From Didar Gelici : 50 uploads each for a limited time for people who email geoff.hill@tutamantic.com 14:56:14 From Didar Gelici : “Threat model game”
15:00:13 From jbi zoom1 : James Veitch for some security related humour
15:01:17 From Didar Gelici : Takeaway’s for Geoff: instructions to the game > Avi
15:01:25 From Didar Gelici : Mario’s fork
15:01:53 From Didar Gelici : Wallaby’s STRIPED
15:01:59 From Didar Gelici : Zone vs Criticality

Why

When choosing a threat model tool, you first need to know what the tool can and cannot do. In order to facilitate this we are organising a number of demonstrations of tools, each 30 minutes long.

What

Tool 1: A Pythonic framework for threat modeling by Izar https://github.com/izar/pytm

Tool 2: TENTATIVE by zeroXten https://threatspec.org/

Outcomes

A recording of the functionalities at the moment of the summit

Who

Back to list of all User Sessions

Updated: 2020-10-03 18:35:58 -0300 -0300, Version: 28f7832