Microsoft SDL

Microsft Security Development Lifecycle (SDL) threat Modeling tool

SDL threat modeling tool

Threat Modeling is a Core Element of the Microsoft Security Development Lifecycle (SDL)

As part of the design phase of the SDL, threat modeling allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. Therefore, it helps reduce the total cost of development.

The SDL threat modeling tii is not just a tool for security experts

The SDL threat modeling tool is the first threat modeling tool which is not designed for security experts. It makes threat modeling easier for all developers by providing guidance on creating and analysing threat models.

The SDL threat modeling tool enables any developer or software architect to:

Communicate about the security design of their systems
Analyze those designs for potential security issues using a proven methodology
Suggest and manage mitigations for security issues

Capabilities and Innovations of the SDL Threat Modeling Tool

The SDL Threat Modeling Tool plugs into any issue-tracking system, making the threat modeling process a part of the standard development process.
Innovative features inlucde:

Integration: Issue-tracking systems
Automation: Guidance and feedback in drawing a model
STRIDE per element framework: Guided analysis of threats and mitigations
Reporting capabilities: Security activities and testing in the verification phase

The Unique Methodology of the SDL Threat Modeling Tool

The SDL Threat Modeling Tool differs from other tools and approaches in two key areas:

It is designed for developers and centered on software
Many threat modeling approaches center on assets or attackers. In contrast, the SDL approach to threat modeling is centered on the software. This new tool builds on activities that all software developers and architects are familiar with--such as drawing pictures for their software architecture.
It is focused on design analysis
The term "threat modeling" can refer to either a requirements or a design analysis technique. Sometimes, it refers to a complex blend of the two. The Microsoft SDL approach to threat modeling is a focused design analysis technique.

The diagram below summarises threat modeling process using the SDL tool.

The sdl process(source: http://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx)

For videos showing the threat modeling process using the SDL tool, please visit this site.

Information was gathered from here