SAMMY UI is optimized for resolutions with a width 1024px and higher.
DSOMM
Browse DSOMM
O-DS-1-1: Conduction of simple threat modeling on technical level
O-DS-2-1: Information security targets are communicated
O-DS-3-1: Conduction of simple threat modeling on business level
O-DS-3-2: Creation of simple abuse stories
O-DS-3-3: Creation of threat modeling processes and standards
O-DS-4-1: Conduction of advanced threat modeling
O-DS-5-1: Creation of advanced abuse stories
Conduction of advanced threat modeling
O-DS-4-1: Conduction of advanced threat modeling
  • Threat modeling is performed by using reviewing user stories and producing security driven data flow diagrams.
Description

Example High Maturity Scenario: Based on a detailed threat model defined and updated through code, the team decides the following: * Local encrypted caches need to expire and auto-purged. * Communication channels encrypted and authenticated. * All secrets persisted in shared secrets store. * Frontend designed with permissions model integration. * Permissions matrix defined. * Input is escaped output is encoded appropriately using well established libraries. Source: OWASP Project Integration Project