Tuesday, December 13, 2005

Attack Trees are .. mm.. fun...


This is a screenshot from the demo found on Amenaza.com, a company that builds a
software to create Attack trees.
Isn't it great what you can do with these tools?

4 comments:

Patroklos Argyroudis said...

There are open source alternatives that are pretty good, like for example FreeMind:

http://freemind.sourceforge.net/wiki/index.php/Main_Page

Although not specifically designed to model attack trees, FreeMind can be used for exactly that purpose. I have used it many times in the past to create comprehensive threat models for a wide variety of application domains.

hernan said...

Thanks for the comment. Anyways, the point was the hilarous comment about they being able to predict the 9/11 attack :).

I'm personally no fan of attack trees anyways :).

Patroklos Argyroudis said...

Agreed, the specific example is at the very least stupid. But generally attack trees are an interesting modelling methodology.

Anonymous said...

Threat modelling your applications sounds like a good idea...however creating attack trees in order to predict 73rr0 attacks and falling towers..coooome on! Worst thing is that the example probably brought a couple leads..