Octotrike.org
BayThreat 2010 Presentation
HAZOP Analysis Using This Funky Spreadsheet I Made in My Back Yard

You, or your inexperienced security minion, can find security flaws in architecture or design quickly and easily using HAZOP analysis. All you need is a sequential description of what the application does and a clear definition of the negative security outcomes you're trying to prevent and the attackers you're trying to keep from abusing the system. And, of course, this handy spreadsheet from http://www.octotrike.org/.

This talk will include a quick rundown of getting the right data together, how to actually do HAZOP analysis, how to do HAZOP analysis in the Trike spreadsheet, the kind of results you'll get, and some effective ways to use those results. Experienced security analysts find more holes faster using this technique. The best part? After surprisingly little coaching, folks with minimal security experience can use this method to find about 80% of the design flaws that experienced architecture security analysts find using ad hoc design reviews. And it's repeatable and consistent, so after your minion takes the first pass, you can review and build on their work instead of having to redo the analysis from scratch to figure out whether they've missed anything.

Slides & Spreadsheet

HAZOP Analysis Using This Funky Spreadsheet I Made in My Back Yard discusses this version of the Trike spreadsheet.




News

31 Jul 2012
Brenda Larcom will be presenting a half-day tutorial on using the current Trike spreadsheet to write security objectives at IEEE RE 2012, September 25 in Chicago, IL.

1 Jul 2012
First official spreadsheet release, 1.5.06.

1 Jul 2012
New SVN and web site organization to support parallel development of the standalone and spreadsheet tools.


Copyright 2004-2008 Brenda Larcom, Eleanor Saitta, and Stephanie Smith. Copyright 2009-2012 Brenda Larcom and Eleanor Saitta. All rights reserved.