From 6c95a7668ec3f62b554297493dc490b164a224ad Mon Sep 17 00:00:00 2001 From: abstraktor Date: Wed, 22 Jul 2020 12:15:47 +0200 Subject: [PATCH 1/3] Added refs to YAKINDU Security Analyst and 21434 - added Video: [ISO/SAE 21434 by Example](https://youtu.be/3LsNx-ljIK8?t=1180) - added example: [ISO/SAE 21434 Annex G Example in YAKINDU Security Analyst](https://github.com/Yakindu/YSA-examples) - added paid tool: [YAKINDU Security Analyst](https://www.itemis.com/de/yakindu/security-analyst/) - YAKINDU Security Analyst is a model-based software tool for threat analysis and risk assessment of technical systems. With Security Analyst you can identify your protection needs, analyze possible threats and calculate the resulting risks. The underlying assessment model and calculation logic are highly customizable and can be integrated into existing toolchains. disclaimer: I'm a developer of it and speaker in that talk --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 85a7904..a965485 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,9 @@ Contributions welcome. Add links through pull requests or create an issue to sta - [An Agile Approach to Threat Modeling for Securing Open Source Project EdgeX Foundry](https://www.youtube.com/watch?v=iw-FzeKaj48) - [Threat Modeling 101 (SAFECode On Demand Training Course)](https://www.youtube.com/watch?v=QQ7StGiy_-M) + +- [ISO/SAE 21434 by Example](https://youtu.be/3LsNx-ljIK8?t=1180) + ## Tutorials and Blogs *Tutorials and blogs that explain threat modeling* @@ -141,6 +144,8 @@ Contributions welcome. Add links through pull requests or create an issue to sta - [Where is my Threat Model?](https://blog.appsecco.com/where-is-my-threat-model-b6f8b077ac47) +- [Threat Modeling in a Risk Assessment Process](https://www.security-analyst.org/threat-analysis-and-risk-assessment/) + ## Threat Model examples 
@@ -156,6 +161,8 @@ Contributions welcome. Add links through pull requests or create an issue to sta - [Kubernetes Threat Model](https://github.com/kubernetes/community/tree/master/wg-security-audit/findings) +- [ISO/SAE 21434 Annex G Example in YAKINDU Security Analyst](https://github.com/Yakindu/YSA-examples) + ## Tools @@ -185,6 +192,8 @@ Contributions welcome. Add links through pull requests or create an issue to sta - [Foreseeti](https://www.foreseeti.com/) - SecuriCAD Vanguard is an attack simulation and automated threat modeling SaaS service that enables you to automatically simulate attacks on a virtual model of your AWS environment. +- [YAKINDU Security Analyst](https://www.itemis.com/de/yakindu/security-analyst/) - YAKINDU Security Analyst is a model-based software tool for threat analysis and risk assessment of technical systems. With Security Analyst you can identify your protection needs, analyze possible threats and calculate the resulting risks. The underlying assessment model and calculation logic are highly customizable and can be integrated into existing toolchains. + ## Sponsor ![Practical DevSecOps](images/practical-devsecops-logo.png) From 05e05b18194882d93a78e7dbea17498c132e9b11 Mon Sep 17 00:00:00 2001 From: abstraktor Date: Thu, 23 Jul 2020 08:45:59 +0200 Subject: [PATCH 2/3] Fixed broken link from threatmodeler.com It yielded a 404 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a965485..154daea 100644 --- a/README.md +++ b/README.md 
@@ -144,7 +144,7 @@ Contributions welcome. Add links through pull requests or create an issue to sta - [Where is my Threat Model?](https://blog.appsecco.com/where-is-my-threat-model-b6f8b077ac47) -- [Threat Modeling in a Risk Assessment Process](https://www.security-analyst.org/threat-analysis-and-risk-assessment/) +- [Threat Modeling in a Risk Assessment Process](https://threatmodeler.com/wp-content/uploads/2018/12/7-Easy-Steps-for-Building-a-Scalable-Threat-Modeling-Process-copy.pdf) ## Threat Model examples From d23843f1b1950ac18cf3006c9e58697b097bda00 Mon Sep 17 00:00:00 2001 From: abstraktor Date: Thu, 23 Jul 2020 08:51:14 +0200 Subject: [PATCH 3/3] Undo confusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fat fingers… --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 154daea..03476b1 100644 --- a/README.md +++ b/README.md @@ -140,11 +140,11 @@ Contributions welcome. Add links through pull requests or create an issue to sta - [The Power of a Tailored Threat Model Whitepaper](https://www.lookingglasscyber.com/resources/white-papers/the-power-of-a-tailored-threat-model/) -- [7 Easy Steps For Building a Scalable Threat Modeling Process](https://go.threatmodeler.com/7-steps-building-scalable-threat-modeling-process) +- [7 Easy Steps For Building a Scalable Threat Modeling Process](https://threatmodeler.com/wp-content/uploads/2018/12/7-Easy-Steps-for-Building-a-Scalable-Threat-Modeling-Process-copy.pdf) - [Where is my Threat Model?](https://blog.appsecco.com/where-is-my-threat-model-b6f8b077ac47) -- [Threat Modeling in a Risk Assessment Process](https://threatmodeler.com/wp-content/uploads/2018/12/7-Easy-Steps-for-Building-a-Scalable-Threat-Modeling-Process-copy.pdf) +- [Threat Modeling in a Risk Assessment Process](https://www.security-analyst.org/threat-analysis-and-risk-assessment/) ## Threat Model examples
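
Review bot: In [PATCH 1/3], hunk `@@ -89,6 +89,9`, the added video link ends in `?t=1180`, so readers start 19 minutes 40 seconds into the talk while the link text names the whole talk. Either drop the timestamp or say in the link text what begins at that point.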
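
Review bot: In [PATCH 1/3], hunk `@@ -141,6 +144,8`, the added "Threat Modeling in a Risk Assessment Process" link to security-analyst.org is not among the additions listed in the commit message, which names only the video, the Annex G example and the tool. Please list it there as well, and state whether the affiliation disclaimer at the end of the message also applies to this link, so a maintainer can judge it on the same terms as the other three.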
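
Review bot: In [PATCH 1/3], hunk `@@ -185,6 +192,8`, the new Tools entry links to a `/de/` path (`https://www.itemis.com/de/yakindu/security-analyst/`) although the list and the description are in English; link the English page if one exists. The commit message calls this a paid tool, but the entry itself does not say so, and the description repeats the product name and runs to three sentences where the neighbouring Foreseeti entry uses one. Suggest trimming it to one sentence and marking the entry as commercial.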
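
Review bot: In [PATCH 2/3], hunk `@@ -144,7 +144,7`, the edit lands on the wrong entry: the subject says a threatmodeler.com link was fixed, but the changed line is "Threat Modeling in a Risk Assessment Process", whose security-analyst.org URL is replaced by the `7-Easy-Steps-for-Building-a-Scalable-Threat-Modeling-Process-copy.pdf` URL. After this commit the link text and its target disagree, and the threatmodeler entry reported as 404 is still untouched. [PATCH 3/3] corrects both lines, so squash 2/3 and 3/3 into a single commit so that no revision in history carries the mislabelled link.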
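
Review bot: In [PATCH 3/3], hunk `@@ -140,11 +140,11`, the replacement for the "7 Easy Steps" entry points straight at a file under `wp-content/uploads/2018/12/` ending in `-copy.pdf`, where the removed URL was a landing page. Since the landing page already went 404, check whether the vendor offers a stable page for this whitepaper before pinning a dated upload path. The subject "Undo confusion" also does not say which links changed; a subject that names the threatmodeler.com link fix would let the log stand on its own.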