Microsoft Threat Analysis & Modeling 2.0 RC1 beta
Publisher's Description:
Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as Data access control matrix, Component access control matrix, Subject-object matrix, Data Flow, Call Flow, Trust Flow, Attack Surface and Focused reports.
Latest User Reviews:
| Reviewer: | Webprofusion | May 25, 2006 |
|---|
| Version: | 2.0 RC1 | |
|---|
| |
|
It certainly does what it says. This is a wizard driven security threat checklist generator. You enter the types of application your developing, the roles invovles, the data types involved etc and it generates a checklist report of all the things you should be testing for and guarding against. Very comprehensive but very technical - could benefit from more/easier/softer help in the interface to make clear whats expected of the user. Very interesting.
|
| Rating: |  |
|
|---|
| Reviewer: | Aloof | May 25, 2006 |
|---|
| Version: | 2.0 RC1 | |
|---|
| |
"uh, what? Is that english?"
Uh, yes, and not *that* high of a level, either.
|
| Rating: |  |
|
|---|
| Reviewer: | The MAZZTer | May 24, 2006 |
|---|
| Version: | 2.0 RC1 | |
|---|
| |
No, it's businessese.
Hence the reason why I'm not trying it, and why we should have comments without ratings...
|
| Rating: |  |
|
|---|
| Reviewer: | mjm01010101 | May 24, 2006 |
|---|
| Version: | 2.0 RC1 | |
|---|
| |
"Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model."
uh, what? Is that english?
|
| Rating: | |
|
|---|
|
|
