# ThreatModeling

**Repository Path**: lab-mj/Threat-Modeling

## Basic Information

- **Project Name**: ThreatModeling
- **Description**: Threat modeling, the core and foundation of shifting security left
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2022-08-25
- **Last Updated**: 2022-09-16

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# ThreatModeling

#### Introduction

Threat modeling, the core and foundation of shifting security left

#### Secure Development Lifecycle Framework

1. [Building Security In Maturity Model (BSIMM)](https://www.bsimm.com/framework.html) - Synopsys - A framework for software security created by observing and analysing data from leading software security initiatives.
2. [Secure Development Lifecycle](https://www.microsoft.com/en-us/securityengineering/sdl/practices) - Microsoft - A collection of tools and practices that serve as a framework for the secure development lifecycle.
3. [Secure Software Development Framework](https://csrc.nist.gov/CSRC/media/Publications/white-paper/2019/06/07/mitigating-risk-of-software-vulnerabilities-with-ssdf/draft/documents/ssdf-for-mitigating-risk-of-software-vulns-draft.pdf) - NIST - A framework consisting of practices, tasks and implementation examples for a secure development lifecycle.
4. [Software Assurance Maturity Model](https://github.com/OWASP/samm) - OWASP - A framework to measure and improve the maturity of the secure development lifecycle.

#### Secure Development Guidelines

- [Application Security Verification Standard](https://owasp.org/www-project-application-security-verification-standard/) - _OWASP_ - A framework of security requirements and controls to help developers design and develop secure web applications.
- [Coding Standards](https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards) - _CERT_ - A collection of secure development standards for C, C++, Java and Android development.
- [Fundamental Practices for Secure Software Development](https://safecode.org/wp-content/uploads/2018/03/SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018.pdf) - _SAFECode_ - Guidelines for implementing key secure development practices throughout the SDLC.
- [Proactive Controls](https://owasp.org/www-project-proactive-controls/) - _OWASP_ - OWASP's list of top ten controls that should be implemented in every software development project.
- [Secure Coding Guidelines](https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines) - _Mozilla_ - A guideline containing specific secure development standards for secure web application development.
- [Secure Coding Practices Quick Reference Guide](https://owasp.org/www-pdf-archive/OWASP_SCP_Quick_Reference_Guide_v2.pdf) - _OWASP_ - A checklist to verify that secure development standards have been followed.

#### Threat Model

1. [What is Threat Modeling / Wikipedia](https://en.wikipedia.org/wiki/Threat_model)
2. [Threat Modeling by OWASP](https://owasp.org/www-community/Threat_Modeling)
3. [Application Threat Modeling by OWASP](https://owasp.org/www-community/Application_Threat_Modeling)
4. [Agile Threat Modeling Toolkit](https://threagile.io)
5. [OWASP Threat Dragon](https://threatdragon.github.io)

#### Secure Coding

1. [Secure coding guide by Apple](https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Introduction.html)
2. [Secure Coding Guidelines for Java SE](https://www.oracle.com/java/technologies/javase/seccodeguide.html)
3. [Go-SCP / Go programming language secure coding practices guide](https://github.com/OWASP/Go-SCP)
4. [Android App security best practices by Google](https://developer.android.com/topic/security/best-practices)
5. [Securing Rails Applications](https://guides.rubyonrails.org/security.html)