This can lead to leaving more vulnerabilities in the application when we move forward to the analysis view. The stencil allowed me to add the same however, I was not able to easily modify the size or expand the boundary. I was able to create a similar data flow diagram but I also wanted to create flow boundaries. However, I found certain challenges in designing the model in Design View. Drag and drop is the quickest way to build models. You can use the canvas space to drag and drop elements from the sidebar.
The tool provides a design view to add models. The Microsoft Threat Modelling Tool (MTMT) provides a standard notation for visualizing system components, data flows, and security boundaries. Microsoft uses Microsoft Security Development Life Cycle (SDL) to identify threats, attacks, vulnerabilities, and countermeasures that could affect your application. I tried to create the data flow using Microsoft Threat Modelling Tool and below is my personal finding and opinion on the benefits and pitfalls of using the tool. I tried to develop and execute a threat model for an IoT Data Flow to study the usability to identify the Threats, Vulnerabilities and Remediation proposed by these tools below.
In this series I am presenting my opinion on MSMT 2017. We started off from evaluating the two common and most easily available Threat Modelling Tool. Open Source/User Licensing/Paid (other model) Open Source/ Pay-Per-Use/ User based Licensing Regular or Periodic updates but large intervals Zero Documentation or basic documentation.Īnalysis only with no suggested remediation
of Threat Modelling Frameworks SupportedĪvailability of stencils and option to add stencils or upgrade stencilsĪvailability of stencils but no option or difficult to customizeĪvailable and continuously updated documentationĪvailable documentation but hard to follow through If created by someone but the threat model is difficult to understand If the UX is okay, but different teams are able to understand the design created by other team. If the user experience is high and it is easy to create and understand the threat models created by other team If it is difficult to learn and time to create a model is exponentially large use by the target audience. and it can be used by 30-40% of target audience. If is learning curve is medium and time to create a model is more than 1 Hr. If the learning curve is small and time to create a model is less than an hour it is user friendly for majority of target audience. Learning Curve and time to create a model The Key Audience for this report is Developers, Technical Architects, Business Analysts, IT and Operations Teams of different experience levels. I tried to conduct and in-depth analysis and recommendation and find that it is going to be useful for teams who are planning or in the process of shifting left in their organizations or projects towards DevSecOps. The key factors considered into this analysis is given in the table below. I used hands on assessments and used a parameterized technical analysis and rating system for this evaluation using business cases from the emerging techs and industries. Available Solutions, Benefits, Pitfalls, and RecommendationsĪs a DevSecOps practitioner and Security Architect I will like to share some of the key solutions available and their benefits and pitfalls through this series of evaluating different tools.
The key challenge is finding ways to adopt a security framework for designing robust enterprise applications, as it is becoming difficult to stay updated with ever changing attack surfaces and threat and vulnerabilities. However, every Engineering team and Technical Architect is always trying to find a solution to implement threat modelling into their existing DevOps Ecosystem. It is believed that secure systems are a corollary indicator of high-quality systems and hence it adds value to catch these defects early in the system design and development stages. Problems With Shifting Left in Designing Secure Applications One such tool which help to categorize and systematically evaluate the security of a system, product or service, is threat modeling. The motivation for this research came from the constantly growing need to acquire better tools to tackle the broad and expanding threat landscape. Threat modeling can be used as part of security risk analysis to systematically iterate over possible threat scenarios. Defending against these threats requires that organizations are aware of such threats and threat agents. Unfortunately, the threat landscape expands and new threats, threat agents and attack vectors emerge at all times. An interconnected world with an increasing number of systems, products and services relying on the availability, confidentiality, and integrity of sensitive information is vulnerable to attacks and incidents.