Threat model of a Mobile app

There is some pushback from mobile app developers that the creation of a threat model in IRIUS RISK does not work. My question: Does anybody have any experience and/or guidance which could help us?

Are you looking for just best practices in getting mobile app developers to create threat models in IriusRisk, or is the tool having technical issues that are preventing them?

I am looking for best practices and maybe even an example. Thanks

This is a supersimplified draw.io TM of a mobile app done several years ago:

Mobile TM.docx (319.8 KB)

1 Like

Inspired by Jamil Ahmed’s OWASP Top 10 vs STRIDE mapping. It is quite useful to start a conversation with the OWASP Top 10 series to map with STRIDE.

Here is an example output of mapping STRIDE with OWASP Mobile Top 10 from ChatGPT. You can customize it further to suit your environment. I hope it helps 😊

2 Likes

Thanks for the responses, all!! We have started our journey and were able to convince the teams. I will for sure read and study all the material you shared!

2 Likes