OWASP / threat-model-cookbook

This project is about creating and publishing threat model examples.
https://owasp.org/www-project-threat-model-cookbook/

Examples of Identified Threats, Risk Ratings, and Mitigations? #36

Open levinebw opened 2 years ago

levinebw commented 2 years ago

These are really useful assets for demonstrating how to diagram the system, "What are we working on".

I don't see any artifacts that capture the threats that have been identified by these models (steps 2 and 3 of a threat model), i.e., What can go wrong? What can we do about it?

Have I overlooked something, or is there a plan to add examples of a completed threat model exercise?

zbraiterman commented 2 years ago

Thank you, @levinebw, for bringing up these great points. I think that part of the intention of the attack tree submissions is to address step 2 (“What can go wrong?”).

We also, of course, welcome any suggestions you may have on how to incorporate contributions that address step 3 (“What can we do about it?”), as well as any other suggestions you may have, as we continue to build upon the Threat Modeling Cookbook.