TAM 3.0

Been a little quiet lately on TAM related news but head over to Channel9 to hear RV talk about what’s upcoming for TAM 3.0. -Talhah

0

Beautiful Security

My colleague Mark Curphey made available a chapter he wrote for a recently released security book. I had a chance to read his chapter and it’s an absolutely fantastic read with some great thoughts! It’s a must read even if you have even a passing interest in the information security landscape. Check out more here. -Talhah 

0

Tax Season… So Threat Model This…

Tax Season! I came across a scenario that I wanted to share…   Scenario: You have some tax application that, let’s say, we’ll call OnlineTaxApp. You also have your online banking site where you manage your finances/investments/etc. called OnlineBankingSite. Then there is you looking to fill out your tax return. As part of the data…

2

Updated SDL TM Tool Now Available!!

Very excited to announce that the SDL folks have released v3.1.4 of the SDL Threat Modeling Tool, as the latest and greatest release to apply the DFDs and STRIDE per Element approach to threat modeling.  It’s a free download, so why not check it out? -Talhah

1

Announcing CAT.NET CTP & Anti-XSS v3 BETA

Continuing our work to share the tools and techniques we use internally to maintain a secure application portfolio, we today announced the release of CAT.NET CTP and the next version of Anti-XSS. Irfan (Director of ACE) posted a nice entry on the ACE Team blog going over some of the history of these tools and how they…

1

SDL Threat Modeling Tool Now Available!

We’re really excited that our colleagues over in the SDL team have released a beta of their threat modeling tool, as one of several SDL-related announcements. As threat modeling matures as a discipline, there’s no single ‘right’ way to do it. Both the TAM tool and the SDL tool address specific needs that our user communities…

2

New SDL Threat Modeling Tool Coming Soon!

Even though this blog’s focus has always been the ACE Threat Modeling tool and methodology which is aligned to our SDL-IT process we use for line-of-business application in Microsoft, there is another security team in Microsoft dedicated to SDL. And as part of that process, they are getting ready to release the latest incarnation of…

2

Is Threat Modeling Right For You?

Great post by my friend and colleague around threat modeling in a series he’s doing on application security lifecycle.  http://blogs.msdn.com/akshay_aggarwal/archive/2008/06/11/application-security-development-lifecycle-5a-is-threat-modeling-right-for-you.aspx -Talhah  

2

Hello Secure World

An awesome site to check out which also includes virtual labs you can leverage for secure coding! Check it out: www.hellosecureworld.com  -Talhah

1

[VIDEO] Threat Modeling and Discovering Security Issues

Raffaele Rialdi, a Microsoft Developer Security MVP, sits down with Lori Grosland at TechEd ATE in Barcelona 2007 and talks about security and the Threat Analysis & Modeling tool (with demo). http://www.virtualteched.com/pages/videossearch.aspx?KW=raffaele  Also check out his blog at http://blogs.ugidotnet.org/raffaele.  -Talhah

2