130 Core Software Security