共用方式為


Threat Modeling Tool Posted

I've seen Micheal talk about security a number of times and it's always entertaining as well as informative. Today he announced the availability of a new threat modeling tool. We have to create threat models for just about every VS feature these days so its nice to have such tools available to the public. Good Times - Josh

Yesterday, we posted Frank Swiderski's excellent Threat Modeling Tool. We've been using this internally to do threat models for several months and now the tool is out of beta and ready for the world. Frank's new book, Threat Modeling should be out soon.

Threat Modeling Tool
The Threat Modeling Tool allows users to create threat model documents for applications. It organizes relevant data points, such as entry points, assets, trust levels, data flow diagrams, threats, threat trees, and vulnerabilities into an easy-to-use tree-based view. The tool saves the document as XML, and will export to HTML and MHT using the included XSLTs, or a custom transform supplied by the user.

If you're new to threat modeling, check out the Threat Modeling Chapter from Improving Web Application Security: Threats and Countermeasures. You'll also want to check out Chatper 4 of Writing Secure Code, Second Edition. Mike has a post on this as well.

[Via Brian Johnson ]

Comments

  • Anonymous
    May 25, 2004
    Correction: That's actually text from Brian Johnson's blog post, pointing at Michael Howard's blog post.
  • Anonymous
    May 25, 2004
    Good catch. I grabbed the wrong post. It looks weird, but my update is at least technically correct now.