Microsoft Security Development Lifecycle (SDL) - Threat Modeling announcement
-
Link
I have had the pleasure over the past few months to spend some time playing with an early rendition of " Elevation of Privilege: The Threat Modeling Game". According to Adam, "Elevation of Privilege is the easiest way to get started threat modeling". I couldn't agree more. If you have a team that is new to the whole process of threat modeling, you will want to check it out. If you are at RSA this week, drop by the Microsoft booth and pick the game up for free. If you aren't, you can download it here.
EoP is a card game for 3-6 players. The deck contains 74 playing cards in 6 suits: one suit for each of the STRIDE threats (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service and Elevation of Privilege). Each card has a more specific threat on it. You can see a short video on how to play and some more information about the game by checking our Adam's post here. In the end, it is a game that makes it possible to have more fun when thinking about threats. And that's a good thing.
Even more impressive is that they have released the game under Creative Commons Attribution license which gives you freedom to share, adapt and remix the game. So you if you feel you can improve up this, step up and let everyone know!!
Congratulations to the SDL team for creating an innovative way to approach the concept of threat modeling. -
Link
Hey guys,
The latest beta of the Threat Modeling tool is now available for download at: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=a48cccb1-814b-47b6-9d17-1e273f65ae19&displaylang=en
Many bugs previously reported have been fixed, along with support for Visio 2010.
Please give the beta a download and check it out if you have open bugs. Let me know if you have any problems and I'll send it back up the chain within Microsoft!
Happy threat modeling!
Categories
-
Select allManaged Extensibility FrameworkMicrosoft adCenter: DevelopmentMicrosoft ESP Platform Development (Archived)Microsoft Security Development Lifecycle (SDL) - Threat ModelingMicrosoft Security Development Lifecycle (SDL) - ToolsMicrosoft Unified Communications AJAX SDKMicrosoft Unified Communications Client SDKModel-Based Testing with Spec ExplorerModerator Posting Only Forum SandboxMS-Build, Multi-Targeting and WiX in the Visual Studio 2010 and .NET Framework 4.0 CTPMSDN SandboxMultimap API Development Forum
-
Select allAnnouncements for all ForumsForums Redesign - Q&A / DiscussionsWhere is the Forum For…?Forums Issues (not product support)Suggestions and Feedback for the ForumsOff-Topic Posts (Do Not Post Here)MSDN and TechNet Profile and Recognition System Discussions
-
Select allVisual C#Visual BasicVisual C++C++ Standards, Extensions, and InteropParallel Computing in C++ and Native CodeVisual F#Microsoft "Roslyn" CTP
-
Select allVisual Studio General QuestionsVisual Studio Setup and InstallationVisual Studio ExtensibilityVisual Studio Tools for OfficeVisual Studio EditorMSBuildVisual Studio LightSwitch ExtensibilityVisual Studio LightSwitch - General QuestionsLightSwitch HTML Client PreviewVisual Studio Visualization & Modeling ToolsTesting with Visual Studio Test Manager (MTM)Test Tools in Visual Studio 2010 and 2012Visual Studio Unit TestingVisual Studio Diagnostics (Debugger, Profiler, IntelliTrace)Visual Studio Tools for Applications (VSTA)
-
Select allUI Design for Windows Store appsTailoring your Windows Store app for hardware and devicesBuilding Windows Store apps with HTML5/JavaScriptBuilding Windows Store apps with C++Building Windows Store apps with C# or VBBuilding Windows Store games with DirectXTools for Windows Store appsPublishing Windows Store apps
-
Select allApplication Compatibility for Windows Desktop DevelopmentDeveloping Windows Desktop Applications with Power ManagementWindows Desktop Development for Accessibility and AutomationDirectShow DevelopmentGeneral Windows Desktop Development IssuesWindows Desktop Development for Ink, Touch, and Tablet PCMedia Foundation Development for Windows DesktopMicrosoft Message Queuing (MSMQ)Network MonitorWindows Desktop Optical Platform DiscussionPeer-to-Peer Networking for Windows DesktopApplication Security for Windows DesktopWindows Desktop Sidebar Gadget DevelopmentUser Interface development for Windows DesktopVisual C++Windows Desktop DebuggingWindows Desktop Search DevelopmentWindows Desktop Search HelpWindows Filtering Platform (WFP)Windows Imaging Component (WIC)Windows Desktop Perfmon and Diagnostic toolsWindows Desktop Pro-Audio Application DevelopmentWindows Desktop SDKWindows Desktop Web Services API (webservices.dll)Windows Desktop Winsock Kernel (WSK)Windows Hardware WDK and Driver DevelopmentDevelopment with the Windows Sensor and Location PlatformWindows Desktop Ribbon DevelopmentWindows Hardware Testing and CertificationC++ Standards, Extensions, and InteropMessage Analyzer
-
Select allDeveloping for Windows PhoneTools for Windows Phone developmentShare your "How To" samplesPush NotificationsIn-App AdvertisingMango Update (Archived)Expression Blend for Windows Phone
-
Select allDeveloping Apps for Office 2013General Office DevelopmentAccess for DevelopersExcel for DevelopersOutlook for DevelopersWord for DevelopersOpen XML Format SDKVisual Studio Tools for Office
-
Select allWindows Azure DevelopmentWindows Azure Troubleshooting, Diagnostics & LoggingWindows Azure Storage, CDN and CachingWindows Azure SQL DatabaseConnectivity and Messaging - Windows AzureManaging Services on Windows AzureSecurity for Windows AzureWindows Azure Purchasing, Pricing & BillingWorkflow Manager 1.0Service Bus 1.0Windows Azure Active DirectoryWindows Azure Active AuthenticationWindows Azure Media ServicesWindows Azure BizTalk ServicesWindows Azure Virtual NetworkWindows Azure Virtual Machines
Filter
:
All Threads
All Threads
Answered
Unanswered
Proposed Answers
General Discussion
No Replies
Helpful
Has Code
All Languages
