Threat modeling seeks to solve a fundamental quandary of developing applications: If you haven’t considered all of the potential threats to your software, how can you develop security controls to prevent them? If you don’t know what you’re defending against, how can you implement effective protection?
Microsoft—more specifically Microsoft Trustworthy Computing—is a zealous evangelist for threat modeling. When I visited Redmond in February and spent some time with various leaders in Microsoft Trustworthy Computing, most could not get through a 30-minute conversation without waxing poetic about the benefits and value of effective threat modeling. Now, Microsoft has launched the new Microsoft Threat Modeling Tool 2014 to help others embrace and employ the concept.
A post on the Security Development Lifecycle Blog states, “Threat modeling is an invaluable part of the Security Development Lifecycle (SDL) process. We have discussed in the past how applying a structured approach to threat scenarios during the design phase of development helps teams more effectively and less expensively identify security vulnerabilities, determine risks from those threats, and establish appropriate mitigations.”
The new tool has a number of enhancements and new capabilities to make it easier and more intuitive. For starters, Microsoft has built-in tools to migrate threat models from the previous version, enabling developers to update and build on existing designs.
Microsoft Threat Modeling Tool 2014 has a simplified workflow and a drawing surface capability. The new version no longer requires Microsoft Visio to create new threat models. The threat generation logic has been updated and improved—including the ability to generate threats based on the interaction between different elements of the code.
Microsoft also made the tool more flexible. The Microsoft Threat Modeling Tool 2014 comes with a base set of predefined threat definitions, but it gives users the option to add their own threats.download for freeThreat Modeling: Uncover Security Design Flaws Using the STRIDE Approach