Threat modeling tool -- Spoofing of Destination RRS feed

  • Question

  • In the Microsoft threat modeling tool, if I create a web server, an external web service, and connect them with an HTTPS flow crossing an Internet boundary, I get a threat "Spoofing of the External Web Service External Destination Entity" even though the HTTPS connection has the attribute "Destination Authenticated: Yes" .  Is this a bug, or am I missing something?  Thanks.
    Thursday, January 24, 2019 7:39 PM