Threat modeling is an invaluable part of the Security Development Lifecycle (SDL) process. It helps engineering teams find potential security issues earlier in the development phase and provides recommendations on how to fix them. The Microsoft Threat Modeling Tool Preview is a free tool that helps you find threats in software projects earlier in the design phase, and it is available today as a click-to-download “PREVIEW MODE” release.
This latest preview includes the following improvements:
Built-in Azure Templates
In addition to the existing generic stencils, we have added Azure-specific templates, enabling users to create high-fidelity dataflow diagrams and get Azure-specific generated threats, along with possible mitigation steps.
Possible Azure Mitigations
In addition to generated threats, we added potential mitigations in the Azure templates to help users more readily find solutions to their design threats.
Community Template Uploads
Users are now able to share their templates with the Threat Modeling Tool community through GitHub. Once approved, the template will appear as an option in the drop-down menu.
Each generated threat corresponds to an interaction on the diagram, and that interaction is now easier to see. With this improvement, every other interaction fades to white, while the one highlighted in the list becomes more prominent.
For power users with generated threat lists of 100+ items, this feature allows you to know exactly which threats you’ve already analyzed by looking at the read/unread indicator, which is represented by the bold font, similar to items in a mailbox.
To help users visually find high, medium and low severity issues, the generated threat list is now color coded. This feature allows users to see at a glance what should be tackled first.
We also made some critical fixes to this preview release, and hope these new enhancements will provide greater flexibility and help enable you to effectively implement threat modeling in your organization. Since this is in preview mode, there are many more improvements to come, so join us on the journey to making the tool better by downloading it today! We recommend that you keep the Customer Improvement Experience checkbox on so we can better understand tooling issues and feature enhancements. This will help us continuously make the tool better.
For more information and additional resources, visit:
- Microsoft Security Development Lifecycle (SDL)
- Getting Started with Threat Modeling: Elevation of Privilege (EoP) Game
Thanks to all who helped in shipping this preview through internal and external feedback. Your input was critical to improving the tool and customer experience. We now look forward to continuing to improve the tool with you! Download it here.