Denim Group Website

My Photo
Powered by TypePad

Programming Blogs - Blog Catalog Blog Directory

Denim Group

« Perceived vs. Substantive Security | Main | Headed to RSA »

April 09, 2008


TrackBack URL for this entry:

Listed below are links to weblogs that reference Death Star Threat Modeling:



Very nicely done! Easy to understand and a very entertaining read for a Star Wars nerd like me. :)

HOPE Attendee

Hello Kevin,

Were you going to release your slide show that you gave at HOPE? I would love to give it to some of my more risky developers.


The death star had a number of security issues as well as the exhaust vulnerability.

1. Identity management was terrible, anyone could just walk around in a stolen stormtrooper outfit.

2. Ship searching procedures were not great, examples of security incidents are the hijackings during a ship search.

3. Authentication, there are no encryption or authentication mechanisms on any of the computer terminals, the controls for the tractor beam, the controls in the prison block or anywhere else.

4. Physical, there are no authentication mechanisms on any of the doors so anyone can go anywhere in the station.

The comments to this entry are closed.