I am not sure if this is the right place to post this.
Have any other MG recipients used ThreatModeler or Threagile before?
- Threagile — Agile Threat Modeling Toolkit
- Threagile - The Open-Source Agile Threat Modeling Toolkit - YouTube
- ThreatModeler Software Inc - Industry’s #1 Threat Modeling platform
- Demo of the #1 Automated Threat Modeling Solution - YouTube
If you watch the ThreatModeler YouTube vid, it explains why threat modelling is important and how to use it effectively. I would start with that video. The basic idea is moving from reactionary testing to proactive requirements-based testing and development, the cornerstone of an SDLC.
One huge advantage of using software and automating it is that these people have put the OWASP guidelines and requirements in there already. This will save other projects a massive amount of heavy lifting and give you confidence that you are on the right track. The test team, even if they have no previous OWASP experience, can now also test OWASP stuff as part of their test cycle.
If you are going to submit your project to a 3rd-party security evaluation, then having this done already will save you massive amounts of money and the 3rd party a lot of prep time, so they can spend more time testing.
I have always done the hours of thinking and STRIDE methodology. I am booking a meet with ThreatModeler. I encourage all ZOMG recipients to check it out.
Please post any comments/ideas/criticisms; I really would like some feedback on this.