Today, we have launched the TrustOnCloud ControlCatalog. A reactive UI to navigate our ThreatModels, such as the open-source ThreatModel for Amazon S3.
After the initial release, we got some fantastic replies (see below).
What’s stood out from those feedbacks and many others is:
1) As security professionals, we must dive deep and;
2) It requires a significant mental effort from the reader to commit to understanding a 160-page PDF.
With ControlCatalog, we want to help anyone to take advantage of the data from our ThreatModels, whether you have 5 or 50 minutes. It allows the reader to pivot between threats and controls, see the MITRE ATT&CK®, see the top threats and controls, understand a particular flow, etc.
To get started, visit the ThreatModel of Amazon S3 on ControlCatalog.
Hmmm — looks very interesting and helpful! https://t.co/loKwVwNQnV
— Jeff Barr
(@
)
(@jeffbarr) February 18, 2022
Dear god this is
fucking thorough https://t.co/OiDiGEMEZP—
Kinnaird McQuade(@kmcquade3) August
24, 2021
S3 threat model
out on vacation! pic.twitter.com/demF11glnO—
katnik(@NightmareJS) February
4, 2022
Threat Model for
AWS S3 via @trustoncloud.
S3 is arguably the simplest of over 200 cloud services, each with its
own (similarly complex) threat model.This is why we
drink. #infosechttps://t.co/e1EiaKflyz
pic.twitter.com/jQi0hJsmXa—
Jan Schaumann (@jschauma) August
28, 2021
A super
comprehensive (160+ pages!) open source #AWS
S3 threat model document from the team @trustoncloud.
It’s incredible how many attack vectors can exist for just a
single service.#cloud
#securityhttps://t.co/ufibTHiX2Y—
Matt Fuller (@matthewdfuller) August
23, 2021
