SlideShare ist ein Scribd-Unternehmen logo

Microsoft threat modeling tool 2016

Rihab Chebbah
Rihab Chebbah

Microsoft threat modeling tool 2016

Bildung
1 von 13
Downloaden Sie, um offline zu lesen
Microsoft Threat Modeling Tool 2016 Rihab CHEBBAH June 16, 2016 Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 1 / 14
Contents 1 Introduction Threat Modeling Microsoft Security Development Lifecycle Threat Modeling 2 Microsoft Threat Modeling Tool 2016 Definition Model in use The design View and DFDs The Analysis View and Threat Management 3 Conclusion Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 2 / 14
Introduction Threat Modeling Threat Modeling? Definition Offers a description of the security issues and resources the designer cares about; can help to assess the probability, the potential harm, the priority etc., of attacks, and thus help to minimize or eradicate the threats. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 3 / 14
Introduction Microsoft Security Development Lifecycle Threat Modeling Microsoft Security Development Lifecycle Threat Modeling? Definition Microsoft’s Security Development Lifecycle (SDL) acts as a security assurance process which focuses on software development used to ensure a reduction in the number and severity of vulnerabilities in software; Threat Modeling is a core element of the Microsoft SDL; Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 4 / 14
Microsoft Threat Modeling Tool 2016 Definition Microsoft Threat Modeling Tool 2016 Definition graphically identifies processes and data flows (DFD) that comprise an application or service. enables any developer or software architect to Communicate about the security design of their systems; Analyze those designs for potential security issues using a proven methodology; Suggest and manage mitigations for security issues. based on the STRIDE Model. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 5 / 14
Microsoft Threat Modeling Tool 2016 Model in use STRIDE model STRIDE model The name STRIDE is based on of the initial letter of possible threats: Spoofing Tampering Repudiation Information disclosure Denial of service Elevation of privilege It classifies threats in accordance with their categories. By using these categories of threats, one has the ability to create a security strategy for a particular system in order to have planned responses and mitigations to threats or attacks. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 6 / 14
Microsoft Threat Modeling Tool 2016 The design View and DFDs The design View The Microsoft Threat Modeling tool offers an easy way to get started with threat modeling. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 7 / 14
Microsoft Threat Modeling Tool 2016 The design View and DFDs Stencils pane : Process: components that perform computation on data External: entities external to the system such as web services, browsers, authorization providers etc. Store: data repositories Flow: communication channels used for data transfer between entities or components Boundary: trust boundaries of different kinds such as internet, machine, user-mode/ kernel-mode boundaries etc. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 8 / 14
Microsoft Threat Modeling Tool 2016 The design View and DFDs DFD The tool uses a simple drag and drop action in order to build a flow diagram for any use case or function specified. we use DFD to illustrate how data moves through the system. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 9 / 14
Microsoft Threat Modeling Tool 2016 The Analysis View and Threat Management The Analysis View Switching to the Analysis view displays an auto generated list of possible threats based on the data flow diagram. we illustrate with this view the different threats as well as their properties such as (name, categories, description, Threat Priority: High, Medium, or, Low) Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 10 / 14
Microsoft Threat Modeling Tool 2016 The Analysis View and Threat Management Reporting In addition, a Report feature allows the generation of a comprehensive report covering all identified threats and their current state. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 11 / 14
Conclusion Conclusion The Microsoft’s SDL threat Modeling Tool 2016 offers an easy drawing environment,an automatic threat generation using the stride per interaction approach . It helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 12 / 14
That’s all folks Thank you for your attention ! Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 13 / 14

Empfohlen

Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Kannan Ganapathy
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modellingInvisibits
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 

Empfohlen

Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Kannan Ganapathy
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modellingInvisibits
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modellingn|u - The Open Security Community
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Secure Software Development Life Cycle (SSDLC)
Secure Software Development Life Cycle (SSDLC)Secure Software Development Life Cycle (SSDLC)
Secure Software Development Life Cycle (SSDLC)Aymeric Lagier
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOARSiemplify
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report Morane Decriem
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Cyber Kill Chain.pptx
Cyber Kill Chain.pptxCyber Kill Chain.pptx
Cyber Kill Chain.pptxVivek Chauhan
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SASTBlueinfy Solutions
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceVishal Kumar
 
Cyber Threat Modeling
Cyber Threat ModelingCyber Threat Modeling
Cyber Threat ModelingEC-Council
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development pathsChelsea Jarvie
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainSuwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case studyAntonio Fontes
 
Geolocation Artifacts & Timeline Analysis: A Digital Forensics Case Study
Geolocation Artifacts & Timeline Analysis: A Digital Forensics Case StudyGeolocation Artifacts & Timeline Analysis: A Digital Forensics Case Study
Geolocation Artifacts & Timeline Analysis: A Digital Forensics Case StudyMagnet_Forensics
 

Weitere ähnliche Inhalte

Was ist angesagt?

7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Secure Software Development Life Cycle (SSDLC)
Secure Software Development Life Cycle (SSDLC)Secure Software Development Life Cycle (SSDLC)
Secure Software Development Life Cycle (SSDLC)Aymeric Lagier
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOARSiemplify
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report Morane Decriem
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Cyber Kill Chain.pptx
Cyber Kill Chain.pptxCyber Kill Chain.pptx
Cyber Kill Chain.pptxVivek Chauhan
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SASTBlueinfy Solutions
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceVishal Kumar
 
Cyber Threat Modeling
Cyber Threat ModelingCyber Threat Modeling
Cyber Threat ModelingEC-Council
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development pathsChelsea Jarvie
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 

Was ist angesagt? (20)

Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Secure Software Development Life Cycle (SSDLC)
Secure Software Development Life Cycle (SSDLC)Secure Software Development Life Cycle (SSDLC)
Secure Software Development Life Cycle (SSDLC)
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOAR
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
 
Cyber Kill Chain.pptx
Cyber Kill Chain.pptxCyber Kill Chain.pptx
Cyber Kill Chain.pptx
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 
Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SAST
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
 
Cyber Threat Modeling
Cyber Threat ModelingCyber Threat Modeling
Cyber Threat Modeling
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development paths
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
 

Andere mochten auch

Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case studyAntonio Fontes
 
Geolocation Artifacts & Timeline Analysis: A Digital Forensics Case Study
Geolocation Artifacts & Timeline Analysis: A Digital Forensics Case StudyGeolocation Artifacts & Timeline Analysis: A Digital Forensics Case Study
Geolocation Artifacts & Timeline Analysis: A Digital Forensics Case StudyMagnet_Forensics
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best PracticesClint Edmonson
 
Hans Henseler - Intelligent data analysis for improving public security - Da...
Hans Henseler - Intelligent data analysis for improving public security - Da...Hans Henseler - Intelligent data analysis for improving public security - Da...
Hans Henseler - Intelligent data analysis for improving public security - Da...DataValueTalk
 
SplunkLive Brisbane Splunk for Operational Security Intelligence
SplunkLive Brisbane Splunk for Operational Security IntelligenceSplunkLive Brisbane Splunk for Operational Security Intelligence
SplunkLive Brisbane Splunk for Operational Security IntelligenceSplunk
 
Containerization - The DevOps Revolution
Containerization - The DevOps RevolutionContainerization - The DevOps Revolution
Containerization - The DevOps RevolutionYulian Slobodyan
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best PracticesSource Conference
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleNCC Group
 
CCNA Security - Chapter 1
CCNA Security - Chapter 1CCNA Security - Chapter 1
CCNA Security - Chapter 1Irsandi Hasan
 
Evaluating an open research project: Benefits and challenges from the ROER4D ...
Evaluating an open research project: Benefits and challenges from the ROER4D ...Evaluating an open research project: Benefits and challenges from the ROER4D ...
Evaluating an open research project: Benefits and challenges from the ROER4D ...SarahG_SS
 

Andere mochten auch (12)

Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case study
 
Geolocation Artifacts & Timeline Analysis: A Digital Forensics Case Study
Geolocation Artifacts & Timeline Analysis: A Digital Forensics Case StudyGeolocation Artifacts & Timeline Analysis: A Digital Forensics Case Study
Geolocation Artifacts & Timeline Analysis: A Digital Forensics Case Study
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
Hans Henseler - Intelligent data analysis for improving public security - Da...
Hans Henseler - Intelligent data analysis for improving public security - Da...Hans Henseler - Intelligent data analysis for improving public security - Da...
Hans Henseler - Intelligent data analysis for improving public security - Da...
 
SplunkLive Brisbane Splunk for Operational Security Intelligence
SplunkLive Brisbane Splunk for Operational Security IntelligenceSplunkLive Brisbane Splunk for Operational Security Intelligence
SplunkLive Brisbane Splunk for Operational Security Intelligence
 
Containerization - The DevOps Revolution
Containerization - The DevOps RevolutionContainerization - The DevOps Revolution
Containerization - The DevOps Revolution
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best Practices
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
 
CCNA Security - Chapter 1
CCNA Security - Chapter 1CCNA Security - Chapter 1
CCNA Security - Chapter 1
 
Evaluating an open research project: Benefits and challenges from the ROER4D ...
Evaluating an open research project: Benefits and challenges from the ROER4D ...Evaluating an open research project: Benefits and challenges from the ROER4D ...
Evaluating an open research project: Benefits and challenges from the ROER4D ...
 
Secure Coding and Threat Modeling
Secure Coding and Threat ModelingSecure Coding and Threat Modeling
Secure Coding and Threat Modeling
 

Ähnlich wie Microsoft threat modeling tool 2016

Software Engineering Risk Management Software Application
Software Engineering Risk Management Software ApplicationSoftware Engineering Risk Management Software Application
Software Engineering Risk Management Software Applicationguestfea9c55
 
Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker
 
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)Deepam Kanjani
 
Fendley how secure is your e learning
Fendley how secure is your e learningFendley how secure is your e learning
Fendley how secure is your e learningBryan Fendley
 
Security intelligence report_volume_22
Security intelligence report_volume_22Security intelligence report_volume_22
Security intelligence report_volume_22Kjetil Lund-Paulsen
 
Threat Modelling in DevSecOps Cultures
Threat Modelling in DevSecOps CulturesThreat Modelling in DevSecOps Cultures
Threat Modelling in DevSecOps CulturesDevOps Indonesia
 
How to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure CodeHow to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure CodeAchim D. Brucker
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
 
What is Threat Modeling .pptx
What is Threat Modeling .pptxWhat is Threat Modeling .pptx
What is Threat Modeling .pptxInfosectrain3
 
User Guide for Risk Insight 1.1
User Guide for Risk Insight 1.1User Guide for Risk Insight 1.1
User Guide for Risk Insight 1.1Protect724gopi
 
Software Product and Software Process
Software Product and Software ProcessSoftware Product and Software Process
Software Product and Software ProcessShouvikDhali
 
CYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docx
CYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docxCYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docx
CYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docxalanrgibson41217
 
Session2-Application Threat Modeling
Session2-Application Threat ModelingSession2-Application Threat Modeling
Session2-Application Threat Modelingzakieh alizadeh
 
20160831_app_storesecurity_Seminar
20160831_app_storesecurity_Seminar20160831_app_storesecurity_Seminar
20160831_app_storesecurity_SeminarJisoo Park
 
Threat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert HurlbutThreat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert HurlbutDevSecCon
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxRunning Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxhealdkathaleen
 
Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Tao Xie
 

Ähnlich wie Microsoft threat modeling tool 2016 (20)

Software Engineering Risk Management Software Application
Software Engineering Risk Management Software ApplicationSoftware Engineering Risk Management Software Application
Software Engineering Risk Management Software Application
 
Walter Rweyemamu, Resume
Walter Rweyemamu, ResumeWalter Rweyemamu, Resume
Walter Rweyemamu, Resume
 
Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...
 
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
 
Fendley how secure is your e learning
Fendley how secure is your e learningFendley how secure is your e learning
Fendley how secure is your e learning
 
Security intelligence report_volume_22
Security intelligence report_volume_22Security intelligence report_volume_22
Security intelligence report_volume_22
 
Threat Modelling in DevSecOps Cultures
Threat Modelling in DevSecOps CulturesThreat Modelling in DevSecOps Cultures
Threat Modelling in DevSecOps Cultures
 
How to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure CodeHow to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure Code
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
 
What is Threat Modeling .pptx
What is Threat Modeling .pptxWhat is Threat Modeling .pptx
What is Threat Modeling .pptx
 
User Guide for Risk Insight 1.1
User Guide for Risk Insight 1.1User Guide for Risk Insight 1.1
User Guide for Risk Insight 1.1
 
Software Product and Software Process
Software Product and Software ProcessSoftware Product and Software Process
Software Product and Software Process
 
CYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docx
CYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docxCYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docx
CYBR 650Current Trends in CybersecuritySpring 2016Ron Wo.docx
 
Session2-Application Threat Modeling
Session2-Application Threat ModelingSession2-Application Threat Modeling
Session2-Application Threat Modeling
 
20160831_app_storesecurity_Seminar
20160831_app_storesecurity_Seminar20160831_app_storesecurity_Seminar
20160831_app_storesecurity_Seminar
 
Threat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert HurlbutThreat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert Hurlbut
 
Security and Risk management in SDLC Software development Life cycle
Security and Risk management in SDLC Software development Life cycleSecurity and Risk management in SDLC Software development Life cycle
Security and Risk management in SDLC Software development Life cycle
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxRunning Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docx
 
Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)
 
2016 Trends in Security
2016 Trends in Security 2016 Trends in Security
2016 Trends in Security
 

Mehr von Rihab Chebbah

Rédaction de-la-mémoire
Rédaction de-la-mémoireRédaction de-la-mémoire
Rédaction de-la-mémoireRihab Chebbah
 
BYOD - Bring Your Own Device
BYOD - Bring Your Own DeviceBYOD - Bring Your Own Device
BYOD - Bring Your Own DeviceRihab Chebbah
 
Audit and security application report
Audit and security application reportAudit and security application report
Audit and security application reportRihab Chebbah
 
Audit and security application
Audit and security applicationAudit and security application
Audit and security applicationRihab Chebbah
 
Simulation d'un réseau Ad-Hoc sous NS2
Simulation d'un réseau Ad-Hoc sous NS2Simulation d'un réseau Ad-Hoc sous NS2
Simulation d'un réseau Ad-Hoc sous NS2Rihab Chebbah
 
Implémentation de la QoS au sein d'un IP/MPLS - Rapport
Implémentation de la QoS au sein d'un IP/MPLS - RapportImplémentation de la QoS au sein d'un IP/MPLS - Rapport
Implémentation de la QoS au sein d'un IP/MPLS - RapportRihab Chebbah
 
Implémentation de la QoS au sein d'un IP/MPLS - Présentation
Implémentation de la QoS au sein d'un IP/MPLS - PrésentationImplémentation de la QoS au sein d'un IP/MPLS - Présentation
Implémentation de la QoS au sein d'un IP/MPLS - PrésentationRihab Chebbah
 
supervision data center
supervision data centersupervision data center
supervision data centerRihab Chebbah
 

Mehr von Rihab Chebbah (10)

Rédaction de-la-mémoire
Rédaction de-la-mémoireRédaction de-la-mémoire
Rédaction de-la-mémoire
 
BYOD - Bring Your Own Device
BYOD - Bring Your Own DeviceBYOD - Bring Your Own Device
BYOD - Bring Your Own Device
 
Audit and security application report
Audit and security application reportAudit and security application report
Audit and security application report
 
Audit and security application
Audit and security applicationAudit and security application
Audit and security application
 
Security testing
Security testingSecurity testing
Security testing
 
Simulation d'un réseau Ad-Hoc sous NS2
Simulation d'un réseau Ad-Hoc sous NS2Simulation d'un réseau Ad-Hoc sous NS2
Simulation d'un réseau Ad-Hoc sous NS2
 
Implémentation de la QoS au sein d'un IP/MPLS - Rapport
Implémentation de la QoS au sein d'un IP/MPLS - RapportImplémentation de la QoS au sein d'un IP/MPLS - Rapport
Implémentation de la QoS au sein d'un IP/MPLS - Rapport
 
Implémentation de la QoS au sein d'un IP/MPLS - Présentation
Implémentation de la QoS au sein d'un IP/MPLS - PrésentationImplémentation de la QoS au sein d'un IP/MPLS - Présentation
Implémentation de la QoS au sein d'un IP/MPLS - Présentation
 
CV Rihab chebbah
CV Rihab chebbahCV Rihab chebbah
CV Rihab chebbah
 
supervision data center
supervision data centersupervision data center
supervision data center
 

Kürzlich hochgeladen

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 

Kürzlich hochgeladen (20)

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 

Microsoft threat modeling tool 2016

  • 1. Microsoft Threat Modeling Tool 2016 Rihab CHEBBAH June 16, 2016 Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 1 / 14
  • 2. Contents 1 Introduction Threat Modeling Microsoft Security Development Lifecycle Threat Modeling 2 Microsoft Threat Modeling Tool 2016 Definition Model in use The design View and DFDs The Analysis View and Threat Management 3 Conclusion Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 2 / 14
  • 3. Introduction Threat Modeling Threat Modeling? Definition Offers a description of the security issues and resources the designer cares about; can help to assess the probability, the potential harm, the priority etc., of attacks, and thus help to minimize or eradicate the threats. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 3 / 14
  • 4. Introduction Microsoft Security Development Lifecycle Threat Modeling Microsoft Security Development Lifecycle Threat Modeling? Definition Microsoft’s Security Development Lifecycle (SDL) acts as a security assurance process which focuses on software development used to ensure a reduction in the number and severity of vulnerabilities in software; Threat Modeling is a core element of the Microsoft SDL; Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 4 / 14
  • 5. Microsoft Threat Modeling Tool 2016 Definition Microsoft Threat Modeling Tool 2016 Definition graphically identifies processes and data flows (DFD) that comprise an application or service. enables any developer or software architect to Communicate about the security design of their systems; Analyze those designs for potential security issues using a proven methodology; Suggest and manage mitigations for security issues. based on the STRIDE Model. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 5 / 14
  • 6. Microsoft Threat Modeling Tool 2016 Model in use STRIDE model STRIDE model The name STRIDE is based on of the initial letter of possible threats: Spoofing Tampering Repudiation Information disclosure Denial of service Elevation of privilege It classifies threats in accordance with their categories. By using these categories of threats, one has the ability to create a security strategy for a particular system in order to have planned responses and mitigations to threats or attacks. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 6 / 14
  • 7. Microsoft Threat Modeling Tool 2016 The design View and DFDs The design View The Microsoft Threat Modeling tool offers an easy way to get started with threat modeling. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 7 / 14
  • 8. Microsoft Threat Modeling Tool 2016 The design View and DFDs Stencils pane : Process: components that perform computation on data External: entities external to the system such as web services, browsers, authorization providers etc. Store: data repositories Flow: communication channels used for data transfer between entities or components Boundary: trust boundaries of different kinds such as internet, machine, user-mode/ kernel-mode boundaries etc. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 8 / 14
  • 9. Microsoft Threat Modeling Tool 2016 The design View and DFDs DFD The tool uses a simple drag and drop action in order to build a flow diagram for any use case or function specified. we use DFD to illustrate how data moves through the system. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 9 / 14
  • 10. Microsoft Threat Modeling Tool 2016 The Analysis View and Threat Management The Analysis View Switching to the Analysis view displays an auto generated list of possible threats based on the data flow diagram. we illustrate with this view the different threats as well as their properties such as (name, categories, description, Threat Priority: High, Medium, or, Low) Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 10 / 14
  • 11. Microsoft Threat Modeling Tool 2016 The Analysis View and Threat Management Reporting In addition, a Report feature allows the generation of a comprehensive report covering all identified threats and their current state. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 11 / 14
  • 12. Conclusion Conclusion The Microsoft’s SDL threat Modeling Tool 2016 offers an easy drawing environment,an automatic threat generation using the stride per interaction approach . It helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle. Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 12 / 14
  • 13. That’s all folks Thank you for your attention ! Rihab CHEBBAH Microsoft Threat Modeling Tool 2016 June 16, 2016 13 / 14