Practical Threat Analysis Documents & Samples
PTA Methodology in a Nutshell
gives a short description of the Practical Threat Analysis process.
Practical Threat Analysis
for Securing Systems is an in-depth description of the PTA methodology, theory,
definitions and analysis steps (also available in
Reduction Methodology for Legacy Software presents practical ideas on using
PTA in mitigating defects in enterprise legacy software systems (with the
Case Studies: Threat Modeling and Calculative Risk Assessment
of a Call Accounting
Enterprise System describes the threat modeling and calculative risk assessment
process of a real-life case study of an enterprise call accounting solution.
Case Study gives the threat model of Microsoft Passport single
sign-on protocol based on the excellent paper "Risks
of the Passport Single Signon Protocol" by
David P. Kormann
and Aviel D. Rubin.
PTA Software Technology and Tools
PTA Technology for
Consultants, Manufacturers and Security Solutions Providers
short description of the technology building blocks available for integration with security
products and services.
PTA Software Tool is a
short leaflet of the PTA Professional Edition tool.
PTA Professional Edition
Presentation presents the main practical threat analysis steps combined with
screenshots of the
PTA desktop tool.
PTA Professional Edition is a detailed list of the
PTA desktop tool features.
with PTA explains how PTA supports the Practical Threat Analysis process.
PTA Reports describes some of PTA outcomes
PTA for the Enterprise is a detailed list of the server-based enterprise
PTA Libraries a
list of security checklists available as part of PTA OEM private labeling
PTA Reports Samples
gives the outcomes of a threat analysis of a sample computerized
system for publishing the daily currency exchange rates.
PTA System Monitor is a
screenshot of the main system security monitor of the currency exchange sample.
PTA Sample Projects and Freeware Libraries
The sample projects and repository free
libraries are packed in WinZip archives which contain the relevant threat models
and additional documents. After downloading an archive, please extract
the files to a dedicated folder of your choice and then invoke
PTA* and open the relevant thm or thl file using the File / Open PTA Project dialog.
*Note: to view the threat model or library you should have
Tool Installed on your computer.
Case Study is a threat analysis project (thm file) of a Web based call
Passport Case Study is
the threat model project (thm file) of MS Passport security protocol.
Currency Rates is the threat analysis
project (thm file) of a small sample
Import Text are sample
text files for demonstrating the import of threat model entities from comma
delimited text files by using the Import
Entities from Text to Library tool. Use the
Import Templates as
blank text files for creating your own import data files.
MS Telecom Entity
Library is a sample PTA library (thl file) that contains basic assets,
vulnerabilities, threats and countermeasures relevant to telecom/billing/call
accounting Web-based solutions on the Microsoft platform.
PTA ISO 27001
library (revised: September 2007) provides an efficient tool for performing
ISO 27001 2005 risk assessment audits. The zipped package contains the
ISO27001.3_Library (thl file) - a PTA
library that can be used as a source of entities to build a threat model from
scratch and the ISO27001.3_Base_Model (thm file) sample threat model which demonstrates
the use of the PTA ISO27001 library. Also included is an Excel version of the
ISO27001 standard's original checklist.
PTA for PCI DSS 1.1
(revised: September 2007) is
not just another compliance checklist - it is a great way for any merchant to
protect customer payment card data and their business availability. Extract the
zip file into a dedicated folder - it contains a baseline threat model, a PTA
library and all the relevant PCI standard documentation organized as PTA
attached documents. The PCI_DSS_1.1_Base_Model (thm file) is intended for use in
self-assessments by PCI risk assessors. The PCI_DSS_1.1_Library (thl
file) can be used
by PTA professionals in order to integrate PCI DSS entities into their existing
threat models and create an integrated risk model for the entire enterprise.
PTA Professional Forum
contains several articles which demonstrate how Information Security
professionals use PTA
libraries and threat models in real life cases.
Read more on how to:
- Use the PTA for PCI DSS 1.1 package for performing PCI compliance self-assessments
- Utilize the PTA ISO 27001 library for building ISO 27001 baseline threat models
- Mitigate organization internal threats with PTA recommendations
- Develop a risk reduction methodology for handling legacy software
- Map PTA along with the chronology of the penetration testing process
- Integrate penetration testing output with PTA
Threat Analysis Methodology in-depth
- Articles from PTA Professional Forum