Microsoft Threat Analysis & Modeling v2.0

downloaded the new version of Microsoft Threat Analysis & Modeling tool to have
a quick play with it. Seems like a fairly slick program and walks you through building
a comprehensive threat model of an application. Here’s the blurb:

Microsoft Threat Analysis & Modeling tool allows non-security
subject matter experts to enter already known information including business requirements
and application architecture which is then used to produce a feature-rich threat model.
Along with automatically identifying threats, the tool can produce valuable security
artifacts such as:

– Data access control matrix

– Component access control matrix

– Subject-object matrix

– Data Flow

– Call Flow

– Trust Flow

– Attack Surface

– Focused reports

I managed to build a sample threat tree within a few
minutes, but it’s quite a job to map all the threats against a particular application
(especially an n-tiered one)

Check it out: Download
details: Threat Analysis & Modeling v2.0

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.