March 09, 2006

Microsoft Threat Analysis & Modeling v2.0

Microsoft has released a new beta of their Threat Analysis & Modeling tool which allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:

  • Data access control matrix
  • Component access control matrix
  • Subject-object matrix
  • Data Flow
  • Call Flow
  • Trust Flow
  • Attack Surface
  • Focused reports

If you have spent any time working in Frank's previous threat modeling tool, you may want to check this out. You will be pleasantly surprised.

Happy threat modeling!

Posted by SilverStr at March 9, 2006 10:10 PM | TrackBack
Comments

Dana, thanks for pointing out Frank's lastest version of the MSTAM tool. Very nice. I really want a tool for doing general information security risk assessments. This is pretty close. Have you seen any good risk assessment tools? Do you know how to contact Frank so I might ask him about using his tool for risk assessments (i.e., to see if he has had similar interest from other, general ideas, etc.)?

-- clint (clint at robotic dot com)

Posted by: Clint Laskowski at March 12, 2006 02:32 PM
Post a comment









Remember personal info?