The document tool should be more than text-a feature such as embedded images is extremely useful. The only caveats would be the limitations of the tools. Of course, Office is one of several suites with word processing, spreadsheet, and drawing functionality. Visio is great for turning whiteboards into more precise documents. Excel can be used for issue tracking and status. What to record is dependent on the approach you've chosen. Word is a great tool for recording threats in free-form. Microsoft Office contains a number of tools that are very useful in threat modeling. On a whiteboard, no one tries to correct details such as a line not being connected properly, so the discussion can be focused on how the system actually works.įor distributed teams, a webcam focused on a whiteboard may work, or you may have “virtual whiteboarding” technologies that work for you. Whiteboards also have the advantage of transience-drawing on paper just isn't the same. No technology I've used has the immediacy, flexibility, and visibility to a group than a whiteboard when iteratively drawing system architecture. I can hardly imagine threat modeling without a whiteboard. It covers a few of the more useful tools to encourage you to think about the tools you already use and with which you are familiar. This section discusses tools that are not specialized for threat modeling but can be tremendously useful. The chapter closes with a few words about tools that don't yet exist.
You'll then learn about the open-source tools that are available, followed by commercial tools.
#Sdl threat modeling tool boundaries how to
This chapter starts by describing some generally useful tools and how to apply them to threat modeling. (Those are treated at greater length, because there's less risk of me insulting the authors.) Some trade-offs are unavoidable as tools are created, so the chapter starts with general tools that are useful in threat modeling, and then progresses to more specialized tools.Ī few disclosures: I do not have personal experience with each tool described here, and some of the tools I created myself. Or you might find that a tool cramps your style. You may find yourself stymied by usability issues, such as fields you're unsure how to fill out. Finally, tools can help you create actionable output from a threat model. Tools can help you check your threat model for completeness. Tools can help create a more legible or even beautiful threat model document. Tools can help you remember to engage in various steps, or provide assistance performing those steps. It can help you create better models, or create models more fluidly. Tooling can help threat modeling in a number of ways. This chapter covers tools to help you threat model. Managing and Addressing Threats Chapter 11.
Threat Modeling: Designing for Security (2014) Part III.
0 kommentar(er)
