Feels like we are starting an awesome discussion.

Let’s move this to it’s own topic.

Most awesome risk assessment style? - General - Threat Modeling Connect Forum

And have this thread* stay with ThreatPad.

*) Always strange to write the -d “thread”.

Want to see ThreatPad in action??

⇒ Read how TMC DACH German chapter used it to threat model online dating like Tinder. English and German texts available.

Online Dating Security + TMC DACH Threat Modeling Feierabend - Events - Threat Modeling Connect Forum

Highlights / TL;DR

Day at the beach ThreatPad1920×1200 205 KB

Inspired by this post by @AppSecSeanner, a ThreatPad “day at the beach” exercise conveys core threat modeling concepts (and ThreatPad) in 3-5 minutes.

Bildschirmfreigabe: ThreatPad + Systemmodell + Methoden1920×1080 191 KB

We can see how ThreatPad is super slim and leaves enough space to have system model and methods next to threats and mitigations in a screen share.

History?

I’ve experimented with showing the history / pattern how the threat model evolved:

It is cool. And it is creepy. ⇒ I won’t merge.

If you have any comments, let me know.

Demo: how I threat modeled Online Dating for meetup preparation

Legend: created new threat, created new mitigation, moved to another threat, time passed (5min+)

23m 20m 7m 5m 9m 10d 3d 8d 18h 37d 17h 5d 1d 5d 10m 6m 22d 19h 4d 2d 36m 7m 8m