[OWASP-Delhi] Regarding Microsoft Threat Modeling tool 2014

Archana Vakkaleri Muralidharan Archana_VM at infosys.com
Thu Mar 26 20:13:00 UTC 2015

Thanks Pankaj. This helps.

Kind Regards,


From: Pankaj Upadhyay [mr.p.upadhyay at gmail.com]
Sent: Thursday, March 26, 2015 3:36 PM
To: Archana Vakkaleri Muralidharan
Cc: owasp-delhi at lists.owasp.org
Subject: Re: [OWASP-Delhi] Regarding Microsoft Threat Modeling tool 2014

1) Connector is just lying there and not attached to one of the little squares on the entity. Do that and your error will go away.

2) You need to understand the trust boundaries first. You might be using some external connector such as a browser which might be communicating with a server and you're putting them in one trust boundary. Separate them with a boundary, and this warning will go away.

Regarding references, refer to the Threat Modelling book by Snyder or another book by Adam Shostack.


On Monday, March 23, 2015, Archana Vakkaleri Muralidharan <Archana_VM at infosys.com> wrote:
Hi Folks,

Has anyone worked on Microsoft Threat Modeling tool 2014 version? We couldn't find any documentation on tool features, e.g. what each type of Stencil is all about, etc. We are trying to build an application threat model. However, the tool gives out a lot of generic errors and warnings and we couldn't find any supporting documentation to help resolve those.

Sample Errors and Warnings:-

The connector is not attached to stencils in a close proximity. Error   Diagram 1       True

External interactor should communicate over trust boundary.     Warning Diagram 1       True

Attached TMTGettingStartedGuide.docx doesn't explain tool features in detail.  Any suggestions would be of great help. Thanks in advance.

Kind Regards,



Sent from MI3
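
The two diagram rules discussed in this thread, sketched as an added example that is not part of the original e-mails and is not the Microsoft tool's own code. The data model (`Element`, `Flow`, trust boundaries as named zones) and the sample diagrams are assumptions constructed for illustration; only the two message texts come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Element:
    name: str
    kind: str                        # "external_interactor", "process" or "data_store"
    boundary: Optional[str] = None   # trust zone the element sits in (assumed model)

@dataclass
class Flow:
    name: str
    source: Optional[str]            # element name; None means that end is unattached
    target: Optional[str]

# Message texts are the two quoted in the thread.
DANGLING = "The connector is not attached to stencils in a close proximity."
NO_BOUNDARY = "External interactor should communicate over trust boundary."

def validate(elements, flows):
    """Return (severity, flow name, message) for each flow that breaks a rule."""
    by_name = {e.name: e for e in elements}
    findings = []
    for flow in flows:
        if flow.source not in by_name or flow.target not in by_name:
            findings.append(("Error", flow.name, DANGLING))
            continue                 # cannot reason about boundaries without both ends
        src, dst = by_name[flow.source], by_name[flow.target]
        external = "external_interactor" in (src.kind, dst.kind)
        if external and src.boundary == dst.boundary:
            findings.append(("Warning", flow.name, NO_BOUNDARY))
    return findings

# Constructed diagram showing both problems: browser and server share a zone,
# and the query connector has a loose end.
BROKEN = (
    [Element("Browser", "external_interactor"), Element("Web Server", "process"),
     Element("Database", "data_store")],
    [Flow("HTTPS request", "Browser", "Web Server"), Flow("SQL query", "Web Server", None)],
)
# Same diagram after the fixes: connector attached, server side in its own zone.
FIXED = (
    [Element("Browser", "external_interactor"), Element("Web Server", "process", "server"),
     Element("Database", "data_store", "server")],
    [Flow("HTTPS request", "Browser", "Web Server"), Flow("SQL query", "Web Server", "Database")],
)

if __name__ == "__main__":
    for label, model in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, validate(*model))
```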
