[OWASP-Delhi] Regarding Microsoft Threat Modeling tool 2014

Pankaj Upadhyay mr.p.upadhyay at gmail.com
Thu Mar 26 19:36:51 UTC 2015

1) Connector is just lying there and not attached to one of the little
squares on the entity. Do that and your error will go away.

2) You need to understand the trust boundaries first. You might be using
some external connector such as browser which might be communicating with a
server and you're putting them in one trust boundary. Separate them with a
boundary, this warning will go away.

Regarding references, refer Threat Modelling book by Snyder or another book
by Adam Shostock.


On Monday, March 23, 2015, Archana Vakkaleri Muralidharan <
Archana_VM at infosys.com> wrote:

> Hi Folks,
> Has anyone worked on Microsoft Threat Modeling tool 2014 version? We
> couldn't find any documentation on tool features . For e.g. what each type
> of Stencil is all about, etc. We are trying to build an application threat
> model . However, the tool gives out a lot of generic errors and warnings
> and we couldn't find any supporting documentation to help resolve those.
> Sample Errors and Warnings:-
> The connector is not attached to stencils in a close proximity. Error
>  Diagram 1       True
> External interactor should communicate over trust boundary.     Warning
> Diagram 1       True
> Attached TMTGettingStartedGuide.docx doesn't explain tool features in
> detail.  Any suggestions would be of great help. Thanks in advance.
> Kind Regards,
> Archana
> **************** CAUTION - Disclaimer *****************
> solely
> for the use of the addressee(s). If you are not the intended recipient,
> please
> notify the sender by e-mail and delete the original message. Further, you
> are not
> to copy, disclose, or distribute this e-mail or its contents to any other
> person and
> any such actions are unlawful. This e-mail may contain viruses. Infosys
> has taken
> every reasonable precaution to minimize this risk, but is not liable for
> any damage
> you may sustain as a result of any virus in this e-mail. You should carry
> out your
> own virus checks before opening the e-mail or attachment. Infosys reserves
> the
> right to monitor and review the content of all messages sent to or from
> this e-mail
> address. Messages sent to or from this e-mail address may be stored on the
> Infosys e-mail system.
> ***INFOSYS******** End of Disclaimer ********INFOSYS***

Sent from MI3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-delhi/attachments/20150327/d79d17bb/attachment.html>

More information about the OWASP-Delhi mailing list