A discussion on threat modeling

There is a discussion I had recently with a few folks over email around threat modeling that I thought would be nice to share on this blog. I’ll reduce the discussion down to 3 questions/responses. Question: Where does the line between Threat Modeling and documenting operational best practices begin and end? Response: A good threat…


TAM/TAMe and Other ACE Tools

Mark Curphey (newest member of ACE) recently did a post on a set of tools we have in our portfolio that we’re starting to take out to our customers (including TAMe). Read more here. -Talhah


XSSDetect BETA now available!

I’ve talked about threat modeling being one part of the overall information security puzzle… there are other controls and tools you need to make the process run smoothly. Our team recently released another of these tools called XSSDetect which helps detect Cross-Site Scripting (XSS) problems in .NET code; one of the most common problems in…