Experiences Threat Modeling at Microsoft - Whitepaper

Microsoft's Security Engineering group, has put together a whitepaper entitled “Experiences Threat Modeling at Microsoft” delivering an insight into the security methodologies applied by Microsoft. “Our current methodology uses the diagrams in a technique we call 'STRIDE per element' to provide guidance for non-experts, as well as repeatability. The technique is based on the observation […]

Microsoft's Security Engineering group, has put together a whitepaper entitled “Experiences Threat Modeling at Microsoft” delivering an insight into the security methodologies applied by Microsoft.

“Our current methodology uses the diagrams in a technique we call 'STRIDE per element' to provide guidance for non-experts, as well as repeatability. The technique is based on the observation that the software architecture threats we are concerned with are clustered. The essence of the technique is to note that for each type of element within the Data Flow Diagrams (DFD),” Shostack explained.[…]”

Download (PDF)

Source:→ Softpedia

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.