[OWASP-Delhi] Regarding Microsoft Threat Modeling tool 2014

Suman Sourav suman.sourav at gmail.com
Thu Mar 26 18:01:43 UTC 2015

Hi Archana, 

I am using it ..see my comment inline below on ur email. 

Feel free to reach me if u need any ‎further help.  

‎Best part of 2014 version is u dont need vision now.. :-) 


Sent from my BlackBerry Passport.
  Original Message  
From: Archana Vakkaleri Muralidharan
Sent: Friday, 27 March, 2015 00:27
To: owasp-delhi at lists.owasp.org
Subject: [OWASP-Delhi] Regarding Microsoft Threat Modeling tool 2014

Hi Folks,

Has anyone worked on Microsoft Threat Modeling tool 2014 version? We couldn't find any documentation on tool features . For e.g. what each type of Stencil is all about, etc. We are trying to build an application threat model . However, the tool gives out a lot of generic errors and warnings and we couldn't find any supporting documentation to help resolve those.

Sample Errors and Warnings:-

The connector is not attached to stencils in a close proximity. Error Diagram 1 True

For each block there is a limited connecting points‎ which u can see as dot points.. so when u r connecting one block to other..both should be connected on their dot points. 

External interactor should communicate over trust boundary. Warning Diagram 1 True


In this case you have not created a trust boundary..so lets say if u have webserver hosted behind firewall then u have to create a trust boundary between external user block diagram and webserver.. and webserver should be inside the trust boundaries.  

Attached TMTGettingStartedGuide.docx doesn't explain tool features in detail. Any suggestions would be of great help. Thanks in advance.

Kind Regards,


**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely 
for the use of the addressee(s). If you are not the intended recipient, please 
notify the sender by e-mail and delete the original message. Further, you are not 
to copy, disclose, or distribute this e-mail or its contents to any other person and 
any such actions are unlawful. This e-mail may contain viruses. Infosys has taken 
every reasonable precaution to minimize this risk, but is not liable for any damage 
you may sustain as a result of any virus in this e-mail. You should carry out your 
own virus checks before opening the e-mail or attachment. Infosys reserves the 
right to monitor and review the content of all messages sent to or from this e-mail 
address. Messages sent to or from this e-mail address may be stored on the 
Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***

More information about the OWASP-Delhi mailing list