Proposed Pull Request Change

📄 Document Links

View on GitHub View on Microsoft Learn

--- title: Microsoft Threat Modeling Tool overview - Azure description: Overview of the Microsoft Threat Modeling Tool, containing information on getting started with the tool, including the Threat Modeling process. author: jegeib ms.author: jegeib ms.service: information-protection ms.topic: article ms.date: 02/16/2017 #customer intent: As a software architect or developer, I want to understand how to use the Microsoft Threat Modeling Tool so that I can identify and mitigate potential security issues early in the design process. --- # Microsoft Threat Modeling Tool The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. Also, we designed the tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models. The tool enables anyone to: * Communicate about the security design of their systems * Analyze those designs for potential security issues using a proven methodology * Suggest and manage mitigations for security issues Here are some tooling capabilities and innovations, just to name a few: * **Automation:** Guidance and feedback in drawing a model * **STRIDE per Element:** Guided analysis of threats and mitigations * **Reporting:** Security activities and testing in the verification phase * **Unique Methodology:** Enables users to better visualize and understand threats * **Designed for Developers and Centered on Software:** many approaches are centered on assets or attackers. We are centered on software. We build on activities that all software developers and architects are familiar with -- such as drawing pictures for their software architecture * **Focused on Design Analysis:** The term "threat modeling" can refer to either a requirements or a design analysis technique. Sometimes, it refers to a complex blend of the two. The Microsoft SDL approach to threat modeling is a focused design analysis technique ## Next steps The table below contains important links to get you started with the Threat Modeling Tool: See also: [System requirements](threat-modeling-tool-releases.md) | Step | Description | | ----- | --------------------------------------------------------------------------------------------- | | **1** | [Download the Threat Modeling Tool](https://aka.ms/threatmodelingtool) | | **2** | [Read Our getting started guide](threat-modeling-tool-getting-started.md) | | **3** | [Get familiar with the features](threat-modeling-tool-feature-overview.md) | | **4** | [Learn about generated threat categories](threat-modeling-tool-threats.md) | | **5** | [Find mitigations to generated threats](threat-modeling-tool-mitigations.md) | ## Resources Here are a few older articles still relevant to threat modeling today: * [Article on the Importance of Threat Modeling](/archive/msdn-magazine/2009/january/security-briefs-getting-started-with-the-sdl-threat-modeling-tool) * [Training Published by Trustworthy Computing](https://www.microsoft.com/download/details.aspx?id=16420) Check out what a few Threat Modeling Tool experts have done: * [Threats Manager](https://simoneonsecurity.com/threatsmanagersetup-v1-5-10/) * [Simone Curzi Security Blog](https://simoneonsecurity.com/)