I've seen Micheal talk about security a number of times and it's always entertaining as well as informative. Today he announced the availability of a new threat modeling tool. We have to create threat models for just about every VS feature these days so its nice to have such tools available to the public. Good Times - Josh
Yesterday, we posted Frank Swiderski's excellent Threat Modeling Tool. We've been using this internally to do threat models for several months and now the tool is out of beta and ready for the world. Frank's new book, Threat Modeling should be out soon.[Via Brian Johnson]
Threat Modeling ToolIf you're new to threat modeling, check out the Threat Modeling Chapter from Improving Web Application Security: Threats and Countermeasures. You'll also want to check out Chatper 4 of Writing Secure Code, Second Edition. Mike has a post on this as well.
The Threat Modeling Tool allows users to create threat model documents for applications. It organizes relevant data points, such as entry points, assets, trust levels, data flow diagrams, threats, threat trees, and vulnerabilities into an easy-to-use tree-based view. The tool saves the document as XML, and will export to HTML and MHT using the included XSLTs, or a custom transform supplied by the user.