Threat Modeling — To protect your applications from hackers, you have to understand the threats to your applications. Threat modeling is composed of three high-level steps: understanding the adversary’s view, characterizing the security of the system, and determining threats. The resources on this page will help you understand the threat modeling process and build threat models that you can use to secure your own applications.
NEW! Microsoft Threat Analysis & Modeling Tool v2.0 RC2 allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:
- Data Access Control Matrix
- Component Access Control Matrix
- Subject-Object Matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused Reports
NOTE: Requires Microsoft .NET Framework Version 2.0
VIDEOS:
What is Microsoft Application Threat Modeling? A video introducing the Microsoft Application Threat Modeling process and The Microsoft Threat Analysis & Modeling v2 tool.Creating a Threat Model Video Tutorials:Channel 9 "Frank Swiderski – Threat Modeling Tool Revealed" Frank Swiderski is a security software engineer at Microsoft and wrote a threat modeling tool. So, we got a demo of the tool and discussed it, and threat modeling in general, with him.
BOOK: "Threat Modeling" by Frank Swiderski and Window Snyder – Gain an in-depth, conceptual understanding — along with practical ways to integrate threat modeling into your development efforts:
- Help anticipate attacks by seeing how adversaries assess your system — and compare their view to the developer’s or architect’s view
- Employ a data flow approach to create a threat profile for a system
- Reveal vulnerabilities in system architecture and implementation using investigative techniques such as threat trees and threat model-directed code reviews
- Develop a credible security characterization for modeling threats
- Use threat modeling to help verify security features and increase the resilience of software systems
- Increase customer confidence in your products!