Microsoft Threat Analysis & Modeling tool allows non-security subject
matter experts to enter already known information including business
requirements and application architecture which is then used to produce a
feature-rich threat model. Along with automatically identifying threats, the
tool can produce valuable security artifacts.
The Threat Analysis and Modeling Tool
v2.0 is now available
here.
These are the main features of the package:
- TreeView Navigation with visibility to all nodes at all
times
- Wizard based threat model creation
- Default Attack library
with descriptive countermeasure guidance
- Automatic Threats and Use Cases
generation
- Consolidated Call Flow (System Flow), Attack Surface, Threat
Tree are some of the few visualizations available, which can all be exported to
Visio
- Exportable Analytics and Reports to HTML
- Import v1.0
Threat Model (models created using Torpedo v1)
- Export countermeasures
and attack test cases to Visual Studio Team Foundation Server
(TFS)
- Import SDM Deployment Reports from VSTA
- Copy Paste and
Drag-&-Drop features
- Enhanced Find Feature
- Video
Tutorials
Go to the
Application Threat Modeling site, to get started.