Microsoft Releases Threat Modeling Tool to Help Write Secure Programs

Threat Modeling

To protect your applications from hackers, you have to understand the threats to your applications. Threat modeling is composed of three high-level steps: understanding the adversary’s view, characterizing the security of the system, and determining threats. The resources on this page will help you understand the threat modeling process and build threat models that you can use to secure your own applications.
 
NEW! Microsoft Threat Analysis & Modeling Tool v2.0 RC2 allows non-security subject matter experts to enter information they already know, including business requirements and application architecture, which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:
  • Data Access Control Matrix
  • Component Access Control Matrix
  • Subject-Object Matrix
  • Data Flow
  • Call Flow
  • Trust Flow
  • Attack Surface
  • Focused Reports
 
VIDEOS:
What is Microsoft Application Threat Modeling? A video introducing the Microsoft Application Threat Modeling process and the Microsoft Threat Analysis & Modeling v2 tool.
 
 
Creating a Threat Model Video Tutorials:
Channel 9 "Frank Swiderski – Threat Modeling Tool Revealed" Frank Swiderski is a security software engineer at Microsoft and wrote a threat modeling tool. So, we got a demo of the tool and discussed it, and threat modeling in general, with him.
 
BOOK: "Threat Modeling"  by Frank Swiderski and Window Snyder – Gain an in-depth, conceptual understanding — along with practical ways to integrate threat modeling into your development efforts:
  • Help anticipate attacks by seeing how adversaries assess your system — and compare their view to the developer’s or architect’s view
  • Employ a data flow approach to create a threat profile for a system
  • Reveal vulnerabilities in system architecture and implementation using investigative techniques such as threat trees and threat model-directed code reviews
  • Develop a credible security characterization for modeling threats
  • Use threat modeling to help verify security features and increase the resilience of software systems
  • Increase customer confidence in your products!

About blakehandler

BLAKE was a Microsoft MVP and award-winning programmer with 20+ years of experience providing complete Windows and networking support for small to medium-sized businesses. BLAKE is also a jazz musician and instructor for residential clients on the Los Angeles West Side.