The Microsoft Threat Analysis & Modeling application was designed to allow non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model.
Along with automatically identifying threats, the tool can produce valuable security artifacts such as:
- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports
Requirements:
· Microsoft .NET Framework Version 2.0
What's New in This Release: [ read full changelog ]
· Azure based CTL store
· Visio drawing surface for use cases
· Intelligent TFS Sync
· Automated tool update detection
· Modified methodology to make threat modeling simpler
· Composite Threats and single threat for a call
· Improved Automatic Threat Generation
· v2.1 Import with automated countermeasure mapping
· Updated countermeasure structure
· Other minor UI and functionality tweaks
