Parsons Software Security Consulting Blog

Threat Model for OWASP WebGoat


I am trying to completely dissect OWASP’s WebGoat and link source code findings with web penetration findings. In my quest to do this I have created a very, very rough threat model. There is a lot more that needs to be added to the threat model. I have completed probably ten threat models for different clients of mine. I used the Microsoft Threat Model tool. I used an older version. I think there are newer ones and better ones. It is a good idea to use a threat model to see all of the components of the application. It allows a security analyst or a developer to see the users of the application, the data, and the possible exposure of that data in terms of the confidentiality, integrity and availability of your application. You can then create use and abuse cases for the application.









Matt Parsons, CISSP, MSM

Parsons Software Security Consulting, LLC
