Microsoft Threat Analysis and Modeling

By Deane Barker on February 22, 2009

Threat Analysis & Modeling v2.1.2: If you have some time, consider taking a look at this free tool from Microsoft.

Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model.

I spent about five minutes with it, but it’s very deep. You identify different interfaces your system exposes, the different roles, and the different actions they can take on various pieces of data. The system will then model all the potential threats and points of compromise, which you can then categorize and address.

Here’s a larger blog post about how to use the tool.

[…] this tool really shines when used in the design phase of new applications. In fact, the Threat Analysis and Modeling Tool is robust enough that you may consider using it as your primary design tool for all new applications.

It’s impressive for a free tool, and it appears it would take a fair amount of usage to make sense. But if you’re in charge of security for your app, this is probably worth looking at.



