Threat Modeling
As part of new application development, I've been starting to use Threat Modeling in the design of new applications. When I get some time, I'm planning on saying a whole lot more about the Threat Modeling process. For now, here's the introduction:
According to MSDN, Threat Modeling is one of the top security analysis methodoligies that MS developers are using to identify security risks and make better application design, coding, and testing decisions.
They've also released a related application, the "Threat Modeling Tool" which generates a nice XML dataset of the information and provides a decent XSLT document to output the Threat Modeling report.
You can watch Frank Swiderski's demo of this tool at Channel 9 here.
Posted on 1:46 PM by j. montgomery, CISSP, GNET, GSEC and filed under
ace,
microsoft,
sdl,
threatmodeling
| 0 Comments »
According to MSDN, Threat Modeling is one of the top security analysis methodoligies that MS developers are using to identify security risks and make better application design, coding, and testing decisions.
They've also released a related application, the "Threat Modeling Tool" which generates a nice XML dataset of the information and provides a decent XSLT document to output the Threat Modeling report.
You can watch Frank Swiderski's demo of this tool at Channel 9 here.
Secure Coding in .NET: Developing Defensible Applications
Posts
0 comments:
Post a Comment