Threat Modeling OWASP Pages


The OWASP Threat Modeling provides a global representation of applicatoin threat modeling content for global security professionals worldwide. It provides an opportunity to unify not only application threat modeling content vetted by OWASP security professionals worldwide. The pages also provide a way for application security tools, references, projects to be correlated to application threat modeling activities. Tools, references such as cheat sheets, coding guides, risk models and more can be correlated to threat modeling activities managed by these pages.

Why

Currently, the OWASP Threat Modeling pages provide an unorganized repository of various threat modeling information/ references, some of which is incorrect. Application security professionals, architects, and developers are seeking for authoritative and prescriptive guidance on a myriad of application threat modeling tools, techniques, and methodologies that can be leveraged worldwide.

What

  • Rework OWASP threat modeling page with up to date content.
  • Create subpages on threat modeling methodologies that exist w/ details and artifacts
    • build a complete how to for software centric threat models
    • build a complete how to for risk centric threat models
      • Provide references to risk rating methods that professionals can use
    • Build a complete how to for security centric threat models
    • Provide pointers to OWASP Threat Modeling Cheat Sheets, Security Champions, Lightweight Threat Modeling initiatives

Who

  • Wiki ninjas
  • Experienced threat modeling evangelists
  • Project owners/ session organizers for other threat modeling workshops/ sessions

Related Working Session(s)



Back to list of all Working Sessions and Tracks

Edit this page here