Security Guidance and Threat Modeling

I just posted a blog entry on the main drivers behind CTL in TAM v3.0. You can check it out at IST blog site. Thanks RV


TAM 3.0 Beta is Now Live!

I am excited to say that Threat Analysis and Modeling (TAM) 3.0 Beta is now live on download center. You can download it from here. As this is a beta build we have set up a Connect site that enables you to submit bugs and feature requests. You will need to register at with…


Threat Analysis And Modeling (TAM) v3.0 – Learn about the New Features!

Last time we briefly talked about releasing TAM v3.0 this year. With each week we’re inching closer to that goal. TAM v3.0 release is focused on 3 main areas of the tool including: threat modeling methodology; gathering application architecture; security guidance. Apart from these import and export of items to and from threat model, threat…

TAM 3.0

Been a little quiet lately on TAM related news but head over to Channel9 to hear RV talk about what’s upcoming for TAM 3.0. -Talhah

Beautiful Security

My colleague Mark Curphey made available a chapter he wrote for a recently released security book. I had a chance to read his chapter and it’s an absolutely fantastic read with some great thoughts! It’s a must read even if you have even a passing interest in the information security landscape. Check out more here. -Talhah 

Tax Season… So Threat Model This…

Tax Season! I came across a scenario that I wanted to share… Scenario: You have some tax application that, let’s say, we’ll call OnlineTaxApp. You also have your online banking site where you manage your finances/investments/etc. called OnlineBankingSite. Then there is you looking to fill out your tax return. As part of the data…


Updated SDL TM Tool Now Available!!

Very excited to announce that the SDL folks have released v3.1.4 of the SDL Threat Modeling Tool, as the latest and greatest release to apply the DFDs and STRIDE per Element approach to threat modeling.  It’s a free download, so why not check it out? -Talhah


Announcing CAT.NET CTP & Anti-XSS v3 BETA

Continuing our work to share the tools and techniques we use internally to maintain a secure application portfolio, we today announced the release of CAT.NET CTP and the next version of Anti-XSS. Irfan (Director of ACE) posted a nice entry on the ACE Team blog going over some of the history of these tools and how they…


SDL Threat Modeling Tool Now Available!

We’re really excited that our colleagues over in the SDL team have released a beta of their threat modeling tool, as one of several SDL-related announcements. As threat modeling matures as a discipline, there’s no single ‘right’ way to do it. Both the TAM tool and the SDL tool address specific needs that our user communities…


New SDL Threat Modeling Tool Coming Soon!

Even though this blog’s focus has always been the ACE Threat Modeling tool and methodology which is aligned to our SDL-IT process we use for line-of-business applications in Microsoft, there is another security team in Microsoft dedicated to SDL. And as part of that process, they are getting ready to release the latest incarnation of…