Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Matthew Franz (mfranzcisco.com)
Date: Thu Nov 29 2001 - 02:48:26 CST
> The Application Security Attack Components project is an attempt to break
> down all the possible attacks into their most discrete components. If you
> cant break an attack down further then we are there. I think the example at
> www.owasp.org/projects/asac/ is a really good example, although the UML
> sucks ! When we have done this we can build sets of attack trees using these
> attack objects that are the possible and known real world attacks. An
Yes. I was wondering if that was the next step--somehow linking together
these discrete comoponents into something more structured based on a high
level goal and that considered attack prerequisites and outcomes.
Are there any tools under development (or already out there) for building,
browsing, expanding/collapsing, analyzing attack trees--and that could tie
into the attack components y'all are developing?
I've run across a few commercial tools for building/analyzing decision
trees that are only marginally useful for doing attack modeling.