Microsoft sdl threat modeling tool advantages
![microsoft sdl threat modeling tool advantages microsoft sdl threat modeling tool advantages](https://cdn.ttgtmedia.com/rms/onlineimages/security-6_steps_in_the_threat_modeling_processing-f_mobile.png)
Threat modeling process and stepsĮach individual threat modeling methodology consists of a somewhat different series of steps, and we'll discuss the nuances of each later in this article. In this article, we'll help you understand what all these methodologies have in common, and which specific techniques may be right for you. Some models have different emphases, while others are specific to certain IT disciplines - some are focused specifically on application security, for instance. But it's important to know that there are a wide variety of threat modeling frameworks and methodologies out there. Kohnfelder and Garg called their proposal "the STRIDE framework," and we'll look at the details of it later in this article.
![microsoft sdl threat modeling tool advantages microsoft sdl threat modeling tool advantages](https://image.slidesharecdn.com/threatmodelingbestpractices-110616132656-phpapp02/85/threat-modeling-best-practices-19-320.jpg)
![microsoft sdl threat modeling tool advantages microsoft sdl threat modeling tool advantages](https://image.slidesharecdn.com/prs-160628214937/95/microsoft-threat-modeling-tool-2016-6-638.jpg)
In 1999, Microsoft employees Loren Kohnfelder and Praerit Garg circulated a document within the company called " The Threats to Our Products" that is considered by many to be the first definitive description of threat modeling. The practice of threat modeling draws from various earlier security practices, most notably the idea of " attack trees" that were developed in the 1990s. That said, threat modeling is still in some ways an art as much as a science, and there is no single canonical threat modeling process. Threat modelers walk through a series of concrete steps in order to fully understand the environment they're trying to secure and identify vulnerabilities and potential attackers. This broad definition may just sound like the job description of a cybersecurity professional, but the important thing about a threat model is that it is systematic and structured. Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate attack and protect IT resources.