Threat model guide

Track: Threat Model
When: Thu PM-1
Where: Kings
Organizers: Steven Wierckx
Participants: Adam Shostack, Aurelijus Stanislovaitis, Fraser Scott, Sara Davis, Stuart Winter-Tear, Tash Norris


People are clueless on how to start with threat modeling. I propose we create a guide in the style of ASVS where we show in different levels what the steps are that can be done for threat modeling depending on the need and/or maturity of the organisation.


A guide with some levels such as:

  - level 0: you are not doing TM or something ad hoc
  - level 1: you are answering some of the 4 questions but not in a structured way
  - level 2: you do a full 4 question TM for one product
  - level 3: you integrated the full TM in the SDLC and vary the amount/level of the TM according to the risk appetite of that application/system/product


The table of contents for the guide and some content.

