
Threat Modeling Web Applications Feedback

Source: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/TMWA.asp




WOW!

You’ve done it again.

1. I LOVE the hand drawn diagrams. Punch any person who says “take them out”. Don’t even say anything, just punch them hard, turn and walk away. Better yet, tell me who to punch and I will. They provide such a deep tangibility, an “I can do that” to something that has been scary and untouchable. A lot of people downplay security because they don’t understand and feel stupid; the hand drawn diagrams really make a connection to the reader. Resist all temptation to make them the normal MSDN diagrams. People need to feel that they can do the diagrams (and in turn the process) and you get that feel with the hand drawn diagrams.

2. The walkthrough is priceless. I heard the Queen of England is going to knight you all for it. I love the story telling, it not only provides what happened but insight into WHY it happened and was important. You really brought out a lot of key things that could easily get lost in any other presentation type. The way some information is synthesized from conversations and other needs from policy or elsewhere. You drew that out very nicely. You also got to harp on the importance of time-boxing, something near and dear to your heart and something I completely suck at. ;)

3. The walkthrough is awesome.
a. It provides one of those simple processes that you can remember in your head and ties it into a real life scenario. It bridges the gap between “ok, I read about a process that I’m going to forget about in 15 minutes” and “a friend told me what they did and I think I could do it”.
b. It provides sample dialogs of “bigger thinking” that I think a lot of people need to see and understand.
c. I also like the way you answer questions that most people would have by having people in the walkthrough ask the same question. People won’t feel stupid reading it b/c they’re seeing other people have the same questions that they did. More than likely they’ll be more open to asking questions or interjecting after reading this.
d. It’s like being a fly on the wall. It’s not a classroom, it’s not some black and white document. It’s as if I was there and participated. This is an awesome presentation that will stick in people’s heads. People remember things much more clearly if they do them or participate in doing something. The way this is written up is much more likely to be remembered and shared than any task list.

4. I like the template and sample template.
a. The template is critical for providing a guided tour of what should be captured, how and when and what to look for/think about.
b. The sample template is another piece that gets people to jump across the “how the hell am I going to do this” to the “oh, duh! I can do THAT!”.

Awesome! Keep up the great work.


