Microsoft Released a Threat Modeling Tool

by Abel Avram on Jan 29, 2009

Microsoft has released SDL Threat Modeling Tool 3, a tool used to model, analyze, track and mitigate security vulnerabilities early in the application’s design process.

Usually a threat modeling process involves the following steps:

  • Step 1: Identify security objectives. Clear objectives help you to focus the threat modeling activity and determine how much effort to spend on subsequent steps.
  • Step 2: Create an application overview. Itemizing your application's important characteristics and actors helps you to identify relevant threats during step 4.
  • Step 3: Decompose your application. A detailed understanding of the mechanics of your application makes it easier for you to uncover more relevant and more detailed threats.
  • Step 4: Identify threats. Use details from steps 2 and 3 to identify threats relevant to your application scenario and context.
  • Step 5: Identify vulnerabilities. Review the layers of your application to identify weaknesses related to your threats. Use vulnerability categories to help you focus on those areas where mistakes are most often made.

SDL Threat Modeling Tool allows architects to analyze an application’s design, identify potential security vulnerabilities, suggest and manage the corresponding solutions, and communicate those issues to other members of the team. The tool includes the following features:

  • Automation: Guidance and feedback in drawing threat diagrams
  • STRIDE Framework: Guided analysis of threats and mitigations
  • Integration: Issue-tracking systems
  • Reporting capabilities: Security activities and testing in the verification phase
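
To make steps 3 and 4 and the STRIDE-guided analysis concrete, here is an added example (not code from the article or from Microsoft's tool) that enumerates STRIDE categories per element of a small data flow diagram. The element names, trust zones and the "high" priority heuristic for anything touching a trust boundary are assumptions made for the illustration.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# STRIDE-per-element: categories usually considered for each diagram element type.
# Repudiation on a data store matters mainly when the store holds logs.
APPLICABLE = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone the element lives in

@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element
    kind: str = "flow"

    @property
    def crosses_boundary(self) -> bool:
        return self.src.zone != self.dst.zone

def enumerate_threats(elements, flows):
    """Return (element, threat category, priority) rows to review in step 4."""
    # Assumed heuristic: anything touching a trust boundary is reviewed first.
    exposed = {e.name for f in flows if f.crosses_boundary for e in (f.src, f.dst)}
    rows = []
    for item in [*elements, *flows]:
        hot = item.crosses_boundary if isinstance(item, Flow) else item.name in exposed
        for letter in APPLICABLE[item.kind]:
            rows.append((item.name, STRIDE[letter], "high" if hot else "normal"))
    return rows

def sample_model():
    """Constructed sample: a browser, a web app and its database."""
    browser = Element("Browser", "external", "internet")
    webapp = Element("Web app", "process", "server")
    db = Element("Orders DB", "store", "server")
    flows = [Flow("HTTPS request", browser, webapp), Flow("SQL query", webapp, db)]
    return [browser, webapp, db], flows

if __name__ == "__main__":
    for name, threat, priority in enumerate_threats(*sample_model()):
        print(f"{priority:6}  {name:14} {threat}")
```

Each row is a candidate threat to confirm or dismiss during review, not a finding; step 5 then looks for the concrete weaknesses behind the ones that remain.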

While the tool itself is free, running it requires Visio 2007.
