About Application Threat Modeling

What is Microsoft Application Threat Modeling?

Threat modeling is based on a simple principle: building a secure application requires an understanding of the threats against that application. The challenge has been that threat modeling practice is difficult to adopt in software application development. Over the past two years, the Microsoft Application Consulting & Engineering (ACE) team has developed a process that allows non-security subject matter experts to produce feature-rich threat models. The process:

  • Provides a consistent methodology for objectively identifying and evaluating threats to applications.
  • Translates technical risk to business impact.
  • Empowers a business to manage risk.
  • Creates awareness among teams of security dependencies and assumptions.

Microsoft Application Threat Modeling is a critical security activity, enabling effective application risk management during the SDLC and beyond. Application Threat Modeling is enforced as part of the Security Development Lifecycle for IT (SDL-IT) at Microsoft.

What is the Microsoft Threat Analysis & Modeling Tool?

To facilitate the creation and assimilation of threat models, the Microsoft ACE Team created the Microsoft Threat Analysis & Modeling tool. Non-security subject matter experts can now enter data they already know, including business requirements and application architecture, which the tool then uses to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:

  • Data access control matrix
  • Component access control matrix
  • Subject-object matrix
  • Data flow
  • Call flow
  • Trust flow
  • Attack surface
  • Focused report