Click here to Skip to main content
Click here to Skip to main content

Threat Modeling

, 11 Oct 2013 CPOL
Rate this:
Please Sign up or sign in to vote.
It's absolutely necessary if you're serious about security.Whitepapers/Books/BlogsThreat Modeling for ASP.NET (PDF) - an excellent white

Editorial Note

This articles was originally at wiki.asp.net but has now been given a new home on CodeProject. Editing rights for this article has been set at Bronze or above, so please go in and edit and update this article to keep it fresh and relevant.

It's absolutely necessary if you're serious about security.

Whitepapers/Books/Blogs

  • Threat Modeling for ASP.NET (PDF) - an excellent white paper from Rüdiger Grimm and Henrik Eichstädt from the University of Kent
  • Threat Modeling book from MSPress - "In this straightforward and practical guide, Microsoft application security specialists Frank Swiderski and Window Snyder describe the concepts and goals for threat modeling—a structured approach for identifying, evaluating, and mitigating risks to system security."
  • High-Level Threat Modelling Process - Short blog post on Threat Modelling from Peter Torr.
  • Threat Modeling Web Applications - patterns & practices Library
    This guidance presents the patterns & practices approach to creating threat models for Web applications. Threat modeling is an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application. You can use threat modeling to shape your application's design, meet your company's security objectives, and reduce risk.

How To

Tools

  • Microsoft Threat Modelling Tool - "The Threat Modeling Tool allows users to create threat model documents for applications. It organizes relevant data points, such as entry points, assets, trust levels, data flow diagrams, threats, threat trees, and vulnerabilities into an easy-to-use tree-based view. The tool saves the document as XML, and will export to HTML and MHT using the included XSLTs, or a custom transform supplied by the user. The Threat Modeling Tool was built by Microsoft Security Software Engineer Frank Swiderski, the author of Threat Modeling (Microsoft Press, June 2004)."

Enjoy!

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

ASP.NET Community

United States United States
The ASP.NET Wiki was started by Scott Hanselman in February of 2008. The idea is that folks spend a lot of time trolling the blogs, googlinglive-searching for answers to common "How To" questions. There's piles of fantastic community-created and MSFT-created content out there, but if it's not found by a search engine and the right combination of keywords, it's often lost.
 
The ASP.NET Wiki articles moved to CodeProject in October 2013 and will live on, loved, protected and updated by the community.
Group type: Collaborative Group

428 members


Comments and Discussions

 
-- There are no messages in this forum --
| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.141220.1 | Last Updated 11 Oct 2013
Article Copyright 2013 by ASP.NET Community
Everything else Copyright © CodeProject, 1999-2014
Layout: fixed | fluid