Tuesday, April 25, 2006

Threat Analysis & Modeling

Application Security is very important for all the Applications .So it is a good idea to analyze the threats to the application at the design phase of the application.Recently Microsft has released a Threat Analysis & Modeling tool which can be used to analyze and model the threats in various phase of your software development life cycle.

Creating a threat model using the Microsoft Application Security Threat Analysis & Modeling tool is a three-phase process. First, you define your application context. Second, you model your threats on top of your application context. Third, you measure the risk that is associated with each threat. Once you have completed these phases, you can assimilate your threat models through analytics, visualizations, and reports.

The Threat Analysis & Modeling tool automatically generates potential threats to your software application, based solely on known information that you provide. The Threat Analysis & Modeling tool also has the capability to assimilate the information you provide to build security artifacts such as access control matrices, data flow and trust flow diagrams, and focused, customizable reports.

You can download it from Microsoft MSDN security center and try it .