The first iteration of Microsoft Threat Modeling Tool was rolled out in 2011. Back then, the program known as Security Development Lifecycle or plainly SDL Threat Modelling Tool permitted non-security subject matter experts to create and analyze threat models by
This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) Threat Modeling Tool. For a quick backgrounder on threat modeling, let me recommend an article that my colleague, Michael Howard, recently published on threat modeling. Michael describes threat modeling like this: One of the most valuable and important SDL practices is threat. Microsoft Free SDL Threat Modeling Tool: Tool from Microsoft that makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models. Following diagram displays the SDL threat modeling process.
- Communicating about the security design of their systems
- Analyzing those design for potential security issues using a proven methodology
- Suggesting and managing mitigations for security issues
Microsoft Threat Modeling Tool
The tool however suffered from some errors and had certain foreseen limitations. This realization prompted Microsoft to come up with an updated version of the tool based on customer feedback and suggestions for improvements.
Microsoft Threat Modeling Tool
Thus, the latest version of the free Security Development Lifecycle Threat Modeling Tool includes a new drawing surface that no longer requires Microsoft Visio to build data flow diagrams.
Secondly, the update also includes the ability to migrate earlier, existing threat models built with version 3.1.8 to the new format. Users of the threat modelling tool can simply upload existing custom-built threat definitions into the tool.
Apart from the features outlined above, the Microsoft Threat Modeling Tool includes enhancements made to its visualization capabilities, customization features older models and threat definitions, as well as a change to it generates threats.
Threat Modeling Tool
New Drawing Surface
The new release provides a simplified workflow for building a threat model and help remove existing dependencies. Microsoft explains users will get intuitive user interface with easy navigation for creating threat models.
Files32 does not provide download link from Rapidshare, Yousendit, Mediafire, Filefactory and other Free file hosting service also. Snippet tool for mac.
STRIDE per Interaction
One of the major improvements for this release is a change in approach of how people generate threats. Microsoft Threat Modelling Tool 2014 uses STRIDE per interaction for threat generation. Versions of the tool in the earlier past used STRIDE per element.
WebEx Meetings 1.3 Cross Platform Support Desktop Windows Mac Linux Version Vista 7 8 8.1 10.6 10.7 10.8 10.9 See Internet Explorer 7 Partial No No No No No No No No 8 Yes Yes No No No No No No No 9 No Yes No No No No No No No 10 No Yes Yes Yes No No No No No 11 No Yes Yes Yes No No No No No Firefox Latest Yes Yes Yes Yes Yes Yes Yes Yes Yes Chrome* Latest Yes Yes Yes Yes Yes Yes Yes Yes No Safari 5 No No No No Yes Yes Yes No No 6 No No No No No Yes Yes No No 7 No No No No No No No Yes No WebEx Meetings 1.3 System Requirements Windows support • Intel Core2 Duo CPU 2.XX GHz or AMD processor. Using webex on a mac.
Migration for v3 Models
Microsoft Security Development Lifecycle or SDL Threat Modelling Tool makes it easier for users to update older threat models. How? You can migrate threat models built with Threat Modelling Tool v3.1.8 to the format in Microsoft Threat Modelling Tool 2014
Print Microsoft Threat Modeling Tool 2016
Update Threat Definitions
Different customizing options are available to the users! Microsoft claims it offers the flexibility to customize the tool according to their specific domain. People can extend the included threat definitions with ones of their own after authoring the provided XML format. For details on adding your own threats, Microsoft suggests going through the Threat Modelling tool SDK.
Microsoft Threat Modelling Tool 2014 comes with a base set of threat definitions using STRIDE categories. This set includes only suggested threat definitions and mitigations which are automatically generated to show potential security vulnerabilities for your data flow diagram. You should analyze your threat model with your team to ensure you have addressed all potential security pitfalls, blogged Emil Karafezov, program manager on the Secure Development Tools and Policies team at Microsoft.
For more information, visit MSDN Blogs. You can download the Microsoft Threat Modeling Tool 2016here.
Related Posts: