
Web Application Threat Model - kabuks
http://msdn.microsoft.com/en-us/library/ms978534.aspx
======
mahmud
Threat modeling is a pain in the ass, doubly so if you're using an automated
tool.

Simple, platform and software-specific checklists might be better. Here is a
generic one as well.

[http://www.sans.org/reading_room/whitepapers/securecode/a_se...](http://www.sans.org/reading_room/whitepapers/securecode/a_security_checklist_for_web_application_design_1389)

~~~
showerst
Please post a [PDF] warning on pdf links.

------
joubert
I want to vomit when I read the word "stakeholders".

