Geeks With Blogs
ex-blog Information security world May 2005 Entries
Threat Modeling for Web Applications and ThreadsAndCountermeasures site
The Patterns & Practices folks have updated Threat Modeling for Web Applications Security Guidance [via Anil John]. The iterative threat modeling process as defined consist of: Identify security objectives. Clear objectives help you to focus the threat modeling activity and determine how much effort to spend on subsequent steps. Create an application overview. Itemizing your application's important characteristics and actors helps you to identify relevant threats during step 4. Decompose your ......

Posted On Wednesday, May 18, 2005 2:58 PM

Microsoft's Vision for an Identity Metasystem
Very interesting paper about Microsoft's vision for an Identity Metasystem by Kim Cameron (author of The Laws of Identity). It desribes challenges for digital identity in Internet and Microsoft's approach to solve them (Indigo, InfoCards and lessons from Passport). [Update] Stefan Brands provided some details on possible technologies behind InfoCard some time ago. More links available at P.T.Ong blog. [Update 19/05/2005] It seems that developer preview of InfoCard would be available by the end of ......

Posted On Friday, May 13, 2005 12:39 AM

Copyright © John Doe | Powered by: