Welcome Sign in
Security Developer Center

Application Threat Modeling

Application Threat Modeling

Welcome to the Microsoft Application Threat Modeling page. Here you'll find all the information you need for Application Threat Modeling, including the Microsoft Threat Analysis & Modeling v2.0 tool. Learn more about Application Threat Modeling.

Customer Highlights

Boeing Company

Boeing develops their line of business applications using a standard software development lifecycle process, which incorporates Microsoft Threat Analysis and Modeling to enable secure system design. Using this application, Boeing is able to provide focused and contextualized guidance to application development teams to aid in the process of building and maintaining secure systems.

The Application Threat Modeling Team Blog

Read the blog of the Microsoft Application Consulting & Engineering (ACE) team for the latest information relating to the process and the tool.

Security Headlines Feed

New SDL Threat Modeling Tool Coming Soon!
Even though this blog’s focus has always been the ACE Threat Modeling tool and methodology which is aligned to our SDL-IT process we use for line-of-business application in Microsoft, there is another security team in Microsoft dedicated to SDL. And as part of that process, they are getting ready to... more
Is Threat Modeling Right For You?
Great post by my friend and colleague around threat modeling in a series he's doing on application security lifecycle.  http://blogs.msdn.com/akshay_aggarwal/archive/2008/06/11/application-security-development-lifecycle-5a-is-threat-modeling-right-for-you.aspx -Talhah  ... more
Threat Management the bigger picture
Threat Modeling is one those ‘sciences’ that is just now starting to gel into something that can be implemented in a semi-automated fashion.  With TAM/e, we have a good approach to threat modeling that is both easy on the development team, and fairly comprehensive (perhaps too much... more

Downloads

We’ll be adding more downloads soon, including attack libraries, customized reports, threat model templates, and risk measurement plug-ins. Come back and see what we have in store for you.

 

Tutorials

In the coming weeks, we’ll be adding more tutorials. They'll cover all levels of working with Application Threat Modeling, including a four-part tutorial on creating a threat model and a guide to assimilating threat models using the tool.

Support

Please e-mail the Application Threat Modeling Team for any questions relating to the process or the tool. Also, use this e-mail address to report any bugs or to provide any feedback or suggestions you may have.

Services are also offered around threat modeling including:

  • Training Session – A hands-on course showing how to create and assimilate a threat model.
  • Guide – Provides guidance for your application development teams as they create and assimilate a threat model.
  • Threat Modeling Integration Service – Microsoft will completely set up the infrastructure to integrate threat modeling into your Software Development Lifecycle.

For questions on any one of these services, please e-mail Security Development Lifecycle – IT.
Page view tracker