Tuesday, December 13, 2005

Attack Trees are .. mm.. fun...

This is a screenshot from the demo found on Amenaza.com, a company that builds a
software to create Attack trees.
Isn't it great what you can do with these tools?


Patroklos Argyroudis said...

There are open source alternatives that are pretty good, like for example FreeMind:


Although not specifically designed to model attack trees, FreeMind can be used for exactly that purpose. I have used it many times in the past to create comprehensive threat models for a wide variety of application domains.

hernan said...

Thanks for the comment. Anyways, the point was the hilarous comment about they being able to predict the 9/11 attack :).

I'm personally no fan of attack trees anyways :).

Patroklos Argyroudis said...

Agreed, the specific example is at the very least stupid. But generally attack trees are an interesting modelling methodology.

Anonymous said...

Threat modelling your applications sounds like a good idea...however creating attack trees in order to predict 73rr0 attacks and falling towers..coooome on! Worst thing is that the example probably brought a couple leads..