Question

WEEK 3 DISCUSSION# 4

ANSWER THE FOLLOWING :

1: Fully explain how to use one of the threat modeling tools

2: What are the benefits or issues with Microsoft’s Threat Modeling process and tool?

Answer 1

`Hey,

Note: If you have any queries related the answer please do comment. I would be very happy to resolve all your queries.

1)

Step 1: Identify the assets (database server, file servers, data lake stores, Active Directory, REST calls, configuration screens, Azure portal, authenticated and anonymous web user, Azure AAD client apps, database users, DB administrators)

Step 2: Outline details of architecture on which the valuable asset is being processed. It may include the software framework, version and other architectural details (ASP.net web application connection to cloud data stores and third-party services using JWT tokens).

Step 3: Break down the application regarding its process, including all the sub-processes that are running the application. We create a data flow diagram (DFD).

Step 4: List identify threats in a descriptive way to review to process further.

Step 5: Classify the threats with parallel instances so that threats can be identified in the application in a structured and repeatable manner.

Step 6: Rate the severity of the threat.

2)

The Microsoft Threat Modeling Tool makes threat modeling easier for all developers through a standard notation for visualizing system components, data flows, and security boundaries. It also helps threat modelers identify classes of threats they should consider based on the structure of their software design.

Kindly revert for any queries

Thanks.