
https://github.com/geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs

This repository stores content that can be used to design a Rapid Threat Model Prototyping process for a software development group.

# Rapid Threat Model Prototyping (RTMP) documents
This repository stores content that can be used to design a Rapid Threat Model Prototyping (RTMP) process for a software development group. The repository will contain process documents and eventually helper code to implement the RTMP process.

RTMP is a threat modelling technique that reduces the time needed to build a threat model while making the process more streamlined and effective. The methodology lends itself to automation and inclusion in an Agile or DevOps workflow.

All files are covered under the [Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License](https://creativecommons.org/licenses/by-nc-sa/4.0/).

## **You can find out more here**
* [Aug 2018 - London DevSecOps talk *audio*](https://soundcloud.com/user-212326930/aug-2018-devsecops-rapid-threat-model-prototyping-talk-by-geoff-hill "This is the raw video of the talk. You can find the talk slides here if you want to follow along.")
* [Feb 2019 - Application Security Podcast (S04E26), The Rapid Threat Model Prototyping Process *audio*](https://www.securityjourney.com/application-security-podcast/ "On this episode, Chris and Robert are joined by Geoff Hill to talk about Rapid Threat Model Prototyping Process.")

## Files
1. 18q08.aug.Rapid Threat Model Prototyping.pptx
    * Original presentation of the RTMP process.
2. 18x14.nov.3.Rapid Threat Model Prototyping - step by step.draw.io sample diagram.xml
    * Sample draw.io diagram to test the process.
3. 18x14.nov.3.Rapid Threat Model Prototyping - step by step.pptx
    * Walkthrough presentation of the RTMP process, showing the steps.
4. 18x26.Tutamen HOWTO-Rapid Threat Model Prototyping.docx
    * In-depth walkthrough document of the RTMP process, going into detail, with examples.
5. 18x26.Tutamen HOWTO-Rapid Threat Model Prototyping.pdf
    * Same document as the docx above, but in PDF format.
6. 19f31.jan.TRAINING - Threat Modeling Introduction and RTMP.pptx
    * This slide deck contains actual training which can be systematically followed.
7. 19k27.may.Rapid Threat Model Prototyping.pptx
    * This new deck was created for OWASP AppSec Global Summit 2019 in Tel Aviv. It has the latest version.
8. 19h20.mar.mapping table - STRIDE-OT10-CWE-OPC-ASVS.xlsx
    * This sheet helps a team map the STRIDE threats to other frameworks, either to find more specific threats or to find mitigations. This spares a team the burden of maintaining its own Threat and Security Mitigation libraries. These are now based on the standard OWASP mitigation libraries.
9. 19m04.jun.INFEU18_Geoffrey Hill - Rapid Threat Model Prototyping _PPT_Tech_Talks.pptx
    * Infosecurity Europe presentation.
10. Kill Chain.pptx
    * This shows the attack kill chain.
11. 20g04.feb.Broadlight.Geoffrey Hill - Rapid Threat Model Prototyping.pptx
    * Broad presentation done Feb 04, 2020.
12. RTMP.2022 update.Rapid Threat Model Prototyping.pptx
    * Updated 2022 deck on RTMP.