Threat Modeling

As part of new application development, I've been starting to use Threat Modeling in the design of new applications. When I get some time, I'm planning on saying a whole lot more about the Threat Modeling process. For now, here's the introduction:



According to MSDN, Threat Modeling is one of the top security analysis methodoligies that MS developers are using to identify security risks and make better application design, coding, and testing decisions.

They've also released a related application, the "Threat Modeling Tool" which generates a nice XML dataset of the information and provides a decent XSLT document to output the Threat Modeling report.

You can watch Frank Swiderski's demo of this tool at Channel 9 here.

0 comments: