Microsoft Application Threat Modeling Blog
Security Guidance and Threat Modeling
I just posted a blog entry on the main drivers behind CTL in TAM v3.0. You can check it out at IST...
Date: 07/30/2009
TAM 3.0 Beta is Now Live!
I am excited to say that Threat Analysis and Modeling (TAM) 3.0 Beta is now live on download center....
Date: 07/23/2009
Threat Analysis And Modeling (TAM) v3.0 – Learn about the New Features!
Last time we briefly talked about releasing TAM v3.0 this year. With each week we’re inching closer...
Date: 07/20/2009
TAM 3.0
Been a little quiet lately on TAM related news but head over to Channel9 to hear RV talk about...
Date: 06/30/2009
Beautiful Security
My colleague Mark Curphey made available a chapter he wrote for a recently released security book. I...
Date: 06/26/2009
Tax Season... So Threat Model This...
Tax Season! I came across a scenario that I wanted to share… Scenario: You have some tax application...
Date: 03/17/2009
Updated SDL TM Tool Now Available!!
Very excited to announce that the SDL folks have released v3.1.4 of the SDL Threat Modeling Tool, as...
Date: 03/03/2009
Announcing CAT.NET CTP & Anti-XSS v3 BETA
Continuing our work to share the tools and techniques we use internally to maintain a secure...
Date: 12/15/2008
SDL Threat Modeling Tool Now Available!
We're really excited that our colleagues over in the SDL team have released a beta of their threat...
Date: 11/20/2008
New SDL Threat Modeling Tool Coming Soon!
Even though this blog’s focus has always been the ACE Threat Modeling tool and methodology which is...
Date: 09/19/2008
Is Threat Modeling Right For You?
Great post by my friend and colleague around threat modeling in a series he's doing on application...
Date: 06/18/2008
Threat Management the bigger picture
Threat Modeling is one those ‘sciences’ that is just now starting to gel into something...
Date: 05/29/2008
Using Threat Models Beyond the Design Stage
Threat Modeling is no longer the obscure magic is used to be. With the creation of tools like the...
Date: 05/22/2008
Hello Secure World
An awesome site to check out which also includes virtual labs you can leverage for secure coding!...
Date: 05/05/2008
Customizing TAM Dropdown lists
One of the most frequent questions we get is that someone is using a technology that is not listed...
Date: 03/17/2008
[VIDEO] Threat Modeling and Discovering Security Issues
Raffaele Rialdi, a Microsoft Developer Security MVP, sits down with Lori Grosland at TechEd ATE in...
Date: 02/18/2008
Threat Modeling: Diving into the Deep End
IEEE paper on the TAM tool. "Ford Motor Company is currently introducing threat modeling on...
Date: 01/08/2008
A discussion on threat modeling
There is a discussion I had recently with a few folks over email around threat modeling that I...
Date: 10/30/2007
TAM/TAMe and Other ACE Tools
Mark Curphey (newest member of ACE) recently did a post on a set of tools we have in our portfolio...
Date: 10/25/2007
XSSDetect BETA now available!
I've talked about threat modeling being one part of the overall information security puzzle... there...
Date: 10/23/2007
Threat Modeling & SDL-IT
A common challenge for folks looking at threat modeling as a control to potentially help them secure...
Date: 08/27/2007
Threat Profile and "Composite Threat"
Threat profile is a very interesting concept that identifies the complete set of threats in a given...
Date: 06/19/2007
Create a good threat model in 10 simple steps
How can I get a great and secure product without killing myself? This is not just a question for...
Date: 06/18/2007
Rich Internet Applications - The New Security Frontier
In the past we have been relying on the web browser to provide/restrict the user interface for...
Date: 06/18/2007
Enterprise Edition
I recently did a TechNet webcast to talk about how Microsoft IT Manages Security Knowledge for...
Date: 05/18/2007
Threat Analysis and Modeling v2.1.2 Now Available!!!
The new build contains a few fixes including one for problem that caused the threat model documents...
Date: 04/04/2007
Tips on Threat Analysis and Modeling Tool
Some tips to work with Threat Analysis and Modeling Tool, these could be useful specially when...
Date: 02/18/2007
Shortcuts List
Threat Analysis and Modeling contains lot of shortcuts for the most used functionality in the tool....
Date: 02/12/2007
Threat Analysis and Modeling tool setup updated!!!
The new version of th tool can be downloaded from https://go.microsoft.com/fwlink?linkid=77002. New...
Date: 02/09/2007
Threat Analysis and Modeling v2.1.1 Now Available!!!
[UDPATE] Auto-Save feature does not work as expected, this feature might give you errors and...
Date: 01/31/2007
Channel9 Interview
I did an interview a while back on Channel9 on our threat modeling tool and process... it went up a...
Date: 12/18/2006
Threat Anlysis and Modeling v2.1 Now Available!!!
[UDPATE] The download is now live. [UPDATE] Please send feedback & feature requests to...
Date: 11/30/2006
TAM v2.1 Sandboxing – Part II – Risk Measurement Plug-in
TAM v2.1 introduces a new security model for the plug-in under which the behavior of the plug-in can...
Date: 10/30/2006
ACE Team on Channel9
ACE Team is on Channel9. This is the 1st part of the interview (there is a part on the TM tool as...
Date: 10/25/2006
TAM v2.1 Sandboxing – Part I – Risk Measurement Plug-in
TAM v2.1 supports multiple risk measurement techniques by allowing the user to specify a plug-in to...
Date: 10/12/2006
Application security - The ACE View
As business process automation started to take hold in the early 1990s, organizations began to...
Date: 10/04/2006
Security lock down
As a part of the MSDN Security on the Brain Series of Conferences, there is a virtual conference on...
Date: 09/20/2006
APPLICATION RISK MANAGEMENT WEBCAST
Talhah has been blogging about Knowledge management and translation and some other stuff that nicely...
Date: 08/31/2006
Risk Measurement Plug-in Development
Threat Analysis and Modeling Tool (TAM) tool uses a interface to provide risk measurement plug-in...
Date: 08/30/2006
Customizing TAM drop-downs
We’ve been getting a lot of queries around the drop-downs in the TAM tool to define things like...
Date: 08/17/2006
Knowledge Management & Translation
The other day I was talking to someone about the next big project we’re working on around risk...
Date: 08/15/2006
Invest in security? Show me the ROI...
How many times have you tried to preach software security only to have someone ask you to show the...
Date: 08/10/2006
New addition to the team
Well, I joined the Microsoft ACE Team in May 2006. Having seen the Threat Modeling tool from the...
Date: 07/25/2006
RTM Now Available!!!
RTM version of the Threat Analysis and Modeling Tool v2.0 is now available here. Thank you for using...
Date: 07/06/2006
RC2 Release!!!
[Update] RC2 is live now and can be download from here, we had some technical difficulties earlier....
Date: 06/28/2006
RC2 & Looking forward...
We’re on track and got done with RC2 as of Friday and have released it internally. We’re not...
Date: 06/18/2006
Assembly Hijacking Video
Rocky's got a great video on assembly hijacking here (see "Presentation Videos" on left-hand side)....
Date: 05/26/2006
RC1 NOW AVAILABLE!
RC1 of the Threat Analysis & Modeling v2.0 is available for download here. Aside from bug fixes...
Date: 05/22/2006
We're Hiring!
The ACE Team is hiring... check out this post. -Talhah
Date: 04/22/2006
Security with Visual Studio Team System
Mark Groves, one the of PMs on the Visual Studio Team System for Software Architects (VSTESA) team...
Date: 04/17/2006