[SDL Practice Guide] Microsoft Threat Modeling Tool

Preface to the article

Threat modeling is a continuously looping dynamic model that helps enterprises determine the threats, attacks, vulnerabilities and countermeasures that affect their applications. Enterprises can use threat modeling to shape the design of applications and to meet the enterprise's security goals and reduce risk.

Tool introduction

Microsoft Threat Modeling Tool is a threat modeling tool that Microsoft released to general availability (GA) in September 2018. The tool provides a process and a visual display for creating relationship diagrams, identifying threats, mitigating problems, and verifying each mitigation. The following diagram highlights this process:

Tool installation

Download address: https://aka.ms/threatmodelingtool

Install the software:

Tool panel

When you launch the threat modeling tool you will see the following items:

Select "Create A Model" to enter the model creation page.

Menu item functions:

Symbol menu items:

A mold (the tool itself calls these "stencils") is a unit used in threat modeling, such as an app, a server, a database or a request. Together they make up the running topology of a system, and the threat modeling tool analyzes the security risks through this topology. Common molds include the following categories:

Tool usage

Threat modeling is a relatively complex and difficult task. The difficulty lies in understanding the business system. If you understand the system logic well, you can complete the threat model of a system quickly. If you know only a little about the system logic, completing a threat model requires the cooperation of multiple parties and becomes a complex process. When conducting threat modeling in the tool, you only need to perform the following steps:

  • Drag the mold from the mold bar on the left to the canvas

  • Double-click the mold on the canvas to modify its attribute values

  • Finally, a complete business system logic diagram is formed.
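The diagram produced by these steps is a typed graph: elements with properties, connected by flows. The sketch below is an added example, not code from the tool or the original article; it shows how such a topology can be walked to list candidate threats. The element kinds, trust zones, the simplified STRIDE-per-element chart and the rule that an encrypted flow only keeps its denial-of-service entry are all assumptions of this example.

```python
from dataclasses import dataclass

# Simplified STRIDE-per-element chart (an assumption of this example).
STRIDE = {
    "external": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation",
                "Information Disclosure", "Denial of Service",
                "Elevation of Privilege"],
    "datastore": ["Tampering", "Information Disclosure", "Denial of Service"],
    "flow": ["Tampering", "Information Disclosure", "Denial of Service"],
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "datastore"
    zone: str   # trust zone the element sits in (hypothetical property)

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    label: str
    encrypted: bool = False   # property set on the flow in the diagram

def enumerate_threats(elements, flows):
    """Return (target, category, reason) tuples for the whole diagram."""
    findings = [(e.name, cat, "per-element")
                for e in elements for cat in STRIDE[e.kind]]
    for f in flows:
        if f.src.zone == f.dst.zone:
            continue  # only flows that cross a trust boundary are listed
        for cat in STRIDE["flow"]:
            # Assumption: an authenticated, encrypted channel covers
            # tampering and disclosure, but not denial of service.
            if f.encrypted and cat != "Denial of Service":
                continue
            findings.append((f.label, cat, "crosses trust boundary"))
    return findings

# Constructed sample topology: browser -> web app -> database.
user = Element("Browser", "external", "internet")
app = Element("Web App", "process", "dmz")
db = Element("Orders DB", "datastore", "internal")
flows = [
    Flow(user, app, "HTTPS request", encrypted=True),
    Flow(app, db, "SQL query"),
]

if __name__ == "__main__":
    for target, cat, reason in enumerate_threats([user, app, db], flows):
        print(f"{target:15} {cat:25} {reason}")
```

Changing an attribute value, as in the double-click step above, changes the output: marking the "SQL query" flow as encrypted drops its tampering and disclosure entries.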

Summary at the end of the article

Overall, this gadget is usable, but I feel like some of the molds are not that complete.


Origin blog.csdn.net/Fly_hps/article/details/129789483