Jump to content

Search the Community

Showing results for tags 'modeling'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 1 result

  1. Threat models help application developers answer some fundamental questions about potential risks and how to cut off vulnerabilities before they’re put into production. Some software development lifecycles, however, don’t include threat modeling as part of the code-building process because they’ve either never heard of it, or the process is too difficult. Students at St. Mary’s University in Nova Scotia, Canada, participating in Mozilla’s Winter of Security 2014 project, built a browser-based threat modeling tool that simplifies visualization of systems and data flows, and where soft spots might be introduced during design. The tool, called Seasponge, has been made available on Github and its developers are hoping to not only get feedback and feature suggestions, but also hope to encourage developers to introduce threat modeling into SDLs in order to fix bugs while in design when it’s cheap to do so. “We hope now that it’s out there that people collaborate, build threats for it, collaborate and share files and grow a threat modeling community around Seasponge,” said Glavin Wiechert, one of the students behind the tool along with Joel Kuntz, Sarah MacDonald and Mathew Kallada. “We hope this tool is easy to start out with and will ultimately accelerate the usage of threat modeling and the number of people using threat modeling for projects.” Wiechert, a full-time student at St. Mary’s who also runs his own analytics company, came into this project without much of a security background, other than an interest in the discipline. He and his colleagues, as well as Mozilla, hope that Seasponge ultimately has a place alongside Microsoft’s free SDL threat modeling tool, the most popular tool among developers today. “The original idea came from Mozilla to have a tool like this,” Wiechert said. “There was a heavy demand from their users within Mozilla to use something like the Microsoft threat modeling tool, but have it be more open source and Web-based, and not be forced to be just on the Windows platform.” Being a Web-based alternative to the Microsoft tool, the developers hope that with it now being open source, contributions can be made to help them reach their goals of adding more collaboration features, cloud-based storage for projects, encapsulation of entire systems, and more. “One of the big eye openers for me was the lack of development in terms of the only competition was the Microsoft tool,” Wiechert said. “No one dove into a web platform for threat modeling. I wasn’t very experienced in the field, but it is an important one. I expected more competition and a community, and we hoped to be part of it, but it was really Microsoft-centric.” Wiechert said Mozilla is among the early beta testers and is putting Seasponge through its paces. “It’s functional and you can make new threats in the tool, open, download and save files, visualize them; all the attributes work,” he said. “It’s also functional from a visualization standpoint. I’m hoping Mozilla is using it right now and soon anyone else in the community. We’re hoping to get feedback from the threat modeling community and we’re interested to hear any ideas.” Source
×
×
  • Create New...