[OWASP-Delhi] Regarding Microsoft Threat Modeling tool 2014
suman.sourav at gmail.com
Thu Mar 26 18:01:43 UTC 2015
I am using it ..see my comment inline below on ur email.
Feel free to reach me if u need any further help.
Best part of 2014 version is u dont need vision now.. :-)
Sent from my BlackBerry Passport.
From: Archana Vakkaleri Muralidharan
Sent: Friday, 27 March, 2015 00:27
To: owasp-delhi at lists.owasp.org
Subject: [OWASP-Delhi] Regarding Microsoft Threat Modeling tool 2014
Has anyone worked on Microsoft Threat Modeling tool 2014 version? We couldn't find any documentation on tool features . For e.g. what each type of Stencil is all about, etc. We are trying to build an application threat model . However, the tool gives out a lot of generic errors and warnings and we couldn't find any supporting documentation to help resolve those.
Sample Errors and Warnings:-
The connector is not attached to stencils in a close proximity. Error Diagram 1 True
For each block there is a limited connecting points which u can see as dot points.. so when u r connecting one block to other..both should be connected on their dot points.
External interactor should communicate over trust boundary. Warning Diagram 1 True
In this case you have not created a trust boundary..so lets say if u have webserver hosted behind firewall then u have to create a trust boundary between external user block diagram and webserver.. and webserver should be inside the trust boundaries.
Attached TMTGettingStartedGuide.docx doesn't explain tool features in detail. Any suggestions would be of great help. Thanks in advance.
**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely
for the use of the addressee(s). If you are not the intended recipient, please
notify the sender by e-mail and delete the original message. Further, you are not
to copy, disclose, or distribute this e-mail or its contents to any other person and
any such actions are unlawful. This e-mail may contain viruses. Infosys has taken
every reasonable precaution to minimize this risk, but is not liable for any damage
you may sustain as a result of any virus in this e-mail. You should carry out your
own virus checks before opening the e-mail or attachment. Infosys reserves the
right to monitor and review the content of all messages sent to or from this e-mail
address. Messages sent to or from this e-mail address may be stored on the
Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***
More information about the OWASP-Delhi