Announcing CAT.NET CTP & Anti-XSS v3 BETA

Continuing our work to share the tools and techniques we use internally to maintain a secure application portfolio, we today announced the release of CAT.NET CTP and the next version of Anti-XSS. Irfan (Director of ACE) posted a nice entry on the ACE Team blog going over some of the history of these tools and how they…

SDL Threat Modeling Tool Now Available!

We’re really excited that our colleagues over in the SDL team have released a beta of their threat modeling tool, as one of several SDL-related announcements. As threat modeling matures as a discipline, there’s no single ‘right’ way to do it. Both the TAM tool and the SDL tool address specific needs that our user communities…

New SDL Threat Modeling Tool Coming Soon!

Even though this blog’s focus has always been the ACE Threat Modeling tool and methodology, which is aligned to the SDL-IT process we use for line-of-business applications in Microsoft, there is another security team in Microsoft dedicated to SDL. And as part of that process, they are getting ready to release the latest incarnation of…

Is Threat Modeling Right For You?

Great post by my friend and colleague around threat modeling in a series he’s doing on application security lifecycle.  http://blogs.msdn.com/akshay_aggarwal/archive/2008/06/11/application-security-development-lifecycle-5a-is-threat-modeling-right-for-you.aspx -Talhah  

Threat Management the bigger picture

Threat Modeling is one of those ‘sciences’ that is just now starting to gel into something that can be implemented in a semi-automated fashion. With TAM/e, we have a good approach to threat modeling that is both easy on the development team, and fairly comprehensive (perhaps too much so). However, there are still two very different…

Using Threat Models Beyond the Design Stage

Threat Modeling is no longer the obscure magic it used to be. With the creation of tools like the Threat Analysis and Modeling tool from the ACE Team, Threat Modeling is now easier to implement, faster and more comprehensive. Threat Modeling is the cornerstone of any good Secure Development Lifecycle. One of the reasons it…

Hello Secure World

An awesome site to check out which also includes virtual labs you can leverage for secure coding! Check it out: www.hellosecureworld.com  -Talhah

Customizing TAM Dropdown lists

One of the most frequent questions we get comes from someone who is using a technology that is not listed in the “Technology” dropdowns and wants to know how they can customize it. Most of the dropdowns are part of the metadata system in the tool and are stored in an XML file in the user’s profile. Fortunately,…

[VIDEO] Threat Modeling and Discovering Security Issues

Raffaele Rialdi, a Microsoft Developer Security MVP, sits down with Lori Grosland at TechEd ATE in Barcelona 2007 and talks about security and the Threat Analysis & Modeling tool (with demo). http://www.virtualteched.com/pages/videossearch.aspx?KW=raffaele  Also check out his blog at http://blogs.ugidotnet.org/raffaele.  -Talhah

Threat Modeling: Diving into the Deep End

IEEE paper on the TAM tool.  “Ford Motor Company is currently introducing threat modeling on strategically important IT applications and business processes. The objective is to support close collaboration between IT Security & Controls (the ITS group at Ford) and its business customers in analyzing threats and better understanding risk. To accomplish this, a core group of…
