实践之后，我们来谈谈如何做好威胁建模 – 作者:美团点评安全应急响应中心

参考资料：

https://michenriksen.com/blog/drawio-for-threat-modeling/?ref=hackernoon.com

https://github.com/cncf/financial-user-group/tree/master/projects/k8s-threat-model

http://ceur-ws.org/Vol-413/paper12.pdf

https://community.iriusrisk.com/

https://threatdragon.org/login

http://mozilla.github.io/seasponge/#/

https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html

http://www.owasp.org.cn/owasp-project/OWASP_Top_10_Proactive_Controls_V3v1.1.pdf

http://www.woshipm.com/it/1663882.html

https://developer.ibm.com/zh/components/redhat-openshift-ibm-cloud/articles/threat-modeling-microservices-openshift-4/

https://docs.microsoft.com/en-us/archive/msdn-magazine/2006/november/uncover-security-design-flaws-using-the-stride-approach

https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html

https://csrc.nist.gov/publications/detail/sp/800-154/draft?ref=wellarchitected

https://github.com/google/end-to-end/wiki/Threat-model

来源：freebuf.com 2021-04-30 18:07:49 by: 美团点评安全应急响应中心