Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Microsoft Updates Threat Modeling Tool

Microsoft has updated its free Threat Modeling tool with new features designed to offer organizations more flexibility and help them implement a secure development lifecycle.

Microsoft has updated its free Threat Modeling tool with new features designed to offer organizations more flexibility and help them implement a secure development lifecycle.

“More and more of the customers I have been talking to have been leveraging threat modeling as a systematic way to find design-level security and privacy weaknesses in systems they are building and operating,” blogged Tim Rains, director of Microsoft Trustworthy Computing. “Threat modeling is also used to help identify mitigations that can reduce the overall risk to a system and the data it processes. Once customers try threat modeling, they typically find it to be a useful addition to their approach to risk management.”

The latest version of the tool includes the following new features:

  • New Drawing Surface Previous versions of the Threat Modeling Tool required Microsoft Visio to build the data flow diagrams, this new release has its own drawing surface and Visio is no longer needed.
  • STRIDE per Interaction Big improvement for this release is change in approach of how we generate threats. Microsoft Threat Modeling Tool 2014 uses STRIDE per interaction for threat generation, were past versions of the tool used STRIDE per element.
  • Migration for v3 Models Updating your older threat models is easier than ever. You can migrate threat models built with Threat Modeling Tool v3.1.8 to the format in Microsoft Threat Modeling Tool 2014
  • Update Threat Definitions We over further flexibility to our users to customize the tool according to their specific domain. Users can now extend the included threat definitions with ones of their own.

“Microsoft Threat Modeling Tool 2014 comes with a base set of threat definitions using STRIDE categories,” blogged Emil Karafezov, program manager on the Secure Development Tools and Policies team at Microsoft. “This set includes only suggested threat definitions and mitigations which are automatically generated to show potential security vulnerabilities for your data flow diagram. You should analyze your threat model with your team to ensure you have addressed all potential security pitfalls.”

“We hope these new enhancements in Microsoft Threat Modeling Tool 2014 will provide greater flexibility and help enable you to effectively implement the SDL process in your organization,” he added.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.