Threat modeling tools are used to perform systematic analysis of attack vectors by helping you analyze some of the following questions:
- Which are high-value assets?
- What does attacker profile may look like?
- Which are most vulnerable areas in the application which can be attacked by the hackers?
- What are most relevant threats to the application?
- Are there one or more attack vectors which can go unnoticed?
Following is the list of top 5 threat modeling tools you may keep handy for threat modeling:
-
- Microsoft Free SDL Threat Modeling Tool: Tool from Microsoft that makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models. Following diagram displays the SDL threat modeling process. Greater details can be found on this page, Getting Started with Threat Modeling Tool
Figure 1. Threat Modeling process
Following are some of the capabilities of this tool:
-
- Automation
- Guided analysis of threats and mitigation
- Reporting
-
- Microsoft Free SDL Threat Modeling Tool: Tool from Microsoft that makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models. Following diagram displays the SDL threat modeling process. Greater details can be found on this page, Getting Started with Threat Modeling Tool
-
- SecuriCad by Forseeti (Commercial tool): As per the page, securiCAD is a threat modelling and risk management tool that enables you, the user, to get a holistic understanding of your IT infrastructure, incorporating risks from both structural and technical vulnerabilities. Here is a two minute demo on the tool:
- ThreatModeler: A tool for enterprise threat modeling. Here is a ThreatModeler YouTube channel comprising of multiple videos on ThreatModeler. Here is a sample video:
- Irius Risk by Continuum Security: As per the webpage, this tool helps create a threat model and derive security requirements in no time using a straightforward questionnaire based system. Following is a sample video:
- SD Elements by Security Compass: A threat management platform
I have been recently working in the area of Data analytics including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia, etc, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. For latest updates and blogs, follow us on Twitter. I would love to connect with you on Linkedin.
Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking. Check out my other blog, Revive-n-Thrive.com
Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking. Check out my other blog, Revive-n-Thrive.com
Latest posts by Ajitesh Kumar (see all)
- MSE vs RMSE vs MAE vs MAPE vs R-Squared: When to Use? - April 22, 2024
- Gradient Descent in Machine Learning: Python Examples - April 22, 2024
- Loss Function vs Cost Function vs Objective Function: Examples - April 19, 2024
Leave a Reply