danaxscripts.blogg.se -

#Ms sdl threat modeling tool how to
#Ms sdl threat modeling tool series
#Ms sdl threat modeling tool free

You can also add new Properties, but you cannot modify the properties defined in the base entity. Specialized entities are exactly the same as the base entities, but they allow constraining the value of properties to specific values. Properties are used to decide if a Threat should be generated automatically or not, therefore they play an important role. You can add properties through the Add Property button. Each property has multiple pre-defined values: the first one is considered the default value. You can also define properties associated to an entity.

Image Location: defines the position of the image within the stencil.

#Ms sdl threat modeling tool free

A good source of free images is the Microsoft Azure, Cloud and Enterprise Symbol / Icon Set.

Choose Image: allows chosing an image for the entity.

Dash: defines the type of the lines to show.

Width: it allows to specify the width of the lines.

The Flow can only be a line, and the Boundaries can be Line or Rectangle.

For example, the Target can assume the shape of an Ellipse (for the Processes), a Rectangle (for the External Interactors), or of two parallel lines (for the Data Storages). Shape: it allows to specify the variant of the type defined with the Behavior.Behavior: it allows to specify the type of entity: is it a Flow? A Boundary? Or a common entity, that is also known as a Target.Description: the description of the entity.It does not uniquely identify the entity, though: you may be able to create two entities with the same Name it will create some errors in the Messages Tab, which is the 4th Tab, as shown in the image below.

Name: it identifies the entity itself.

If you select an entity in the tree, you will find in the right pane its definition, and you will be able to change it. You can create your base entity, if you want: you are not limited to the pre-defined ones. Under the Generic entities, you will find the specialized entities, like the OS Process, the Thread, the Web Application and so on.

#Ms sdl threat modeling tool series

Please consider that this series of articles is not about the basic concepts of Threat Modeling: you should already know what a Process is. In other words, you will find in the first level items like the Generic Process, the Generic External Interactor and so on. The Tab shows a two levels tree, with the first level defining the basic entities, and the second level the specialized ones.

This new article discusses the first Tab in the Template Editor, which is dedicated to creating and modifying the various entities that are used within the model.

#Ms sdl threat modeling tool how to

The first one, where I introduced how to create your own Template, can be found in Threat Modeling Templates: how to start your own. Welcome to the second article about how to create your Threat Modeling Templates.