IoT Threat Modeling

IoT Threat Modeling for Greater Security

The Internet of Things – or IoT – is growing at an explosive rate. A recent international study sponsored by the US Chamber of Commerce indicates that in just two years as many as 85% of organizations will utilize IoT to add value to their operations.[1] Consumer adoption of connected devices is currently growing by[…]

Architecturally-based process flow diagrams help organizations understand their attacker population

Architecturally-Based Process Flow Diagrams

Threat modeling is catching on. Increasingly organizations are realizing that securing DevOps projects as early as possible – preferably during the initial white boarding – not only reduces risk, it makes good business sense. For some time now agile DevOps workflows have included static and dynamic scans, issue tracking, and other tools to help ensure[…]

ThreatModeler JIRA Plugin

Introducing the ThreatModeler JIRA Plugin

SecDevOps is all about pushing security left with tools that automate the integration between security and DevOps teams working in an agile environment. Ideally, that left-shift will go as far as integrating security considerations into the architect’s white boarding stage. Implementing this left-shift with ThreatModeler is rather easy. ThreatModeler’s diagramming canvas works from an architectural[…]

realistic modeling

ThreatModeler vs. TMT – Realistic Modeling

In our previous articles comparing ThreatModeler™ and Microsoft’s Threat Modeling Tool (TMT), we considered the tools from an AppSec perspective and the CISO’s perspective. In this installment, we compare the capacity of each threat modeling tool to provide outputs based on realistic modeling of a modern enterprise IT environment as embodied by an online banking[…]