Is there any good open source software for Security Risk Analysis?

Question

for example something like one explained on : http://www.security-risk-analysis.com/introduction.htm

I'm sorry, it is not clear what you are asking. I think it has lost something in translation. You might try editing the question. — Graham Hill, Jun 14 '12 at 08:57
If you are worried about using a weak password the solution is really simple. Don't use weak passwords — Ramhound, Jun 14 '12 at 11:33
That's much clearer, thanks. Next question: what sort of risk analysis methodology do you use? There are many different approaches, and each one has different requirements. — Graham Hill, Jun 14 '12 at 14:10

score 3 · Accepted Answer · answered Jul 15 '12 at 23:09

No. Security risk analysis requires intelligence, understanding of security concepts, knowledge of the application domain, and experience with security. It's not something you can automate with a tool. There is no substitute for having an experienced security expert understand your application domain and perform a security risk analysis.

(Of course, there may be opportunities for a security expert to use tools to help him/her with the analysis. But the tool is not a replacement for a human expert. A tool cannot perform a security risk analysis on its own.)

score 1 · Answer 2 · answered Jun 14 '12 at 18:51

1

As risk analysis and threat modeling are closely related IMO, I think you should give Threat Modeler a try. Free and works great for me :)

http://www.myappsecurity.com/threatmodeler/

answered Jun 14 '12 at 18:51

Henri

1,545
10
11

Is there any good open source software for Security Risk Analysis?

2 Answers2