When we do that, we see a tabbed interface with many pages: the first one is dedicated to editing the Stencils, that is the various entities that will be used to create the model.
#SDL THREAT MODELING TOOL TEMPLATE HOW TO#
We will see how to get rid of it in a minute. Let’s ignore the error for now and click on the OK button. You will get an error, shown in the next picture: this error is really a warning, because it simply states that you are not supposed to edit that file. This would allow you to select a Threat Model that will be opened, in our case default.tb7, which in my system is in folder “C:\Program Files (x86)\Microsoft\Threat Modeling Tool\KnowledgeBase”. To do this, you have to use the Open Template button in your Threat Modeling Tool. The first step is to open Microsoft Threat Modeling Tool and to Open the default template that is shipped with the tool. So, let’s start with the basics: what is a Threat Model Template and how can you create one?
#SDL THREAT MODELING TOOL TEMPLATE SERIES#
This article is the first one of a series that I am planning to publish, on the process that you could use to create and maintain your own Templates. Fortunately for us, Microsoft Threats Modeling Tool 2016 has introduced the possibility to customize the Template and to create something that is really focused on your needs. Consider that your needs could can change over time: yesterday you used three-tiered Web Application, now you have the Cloud and IoT. The answer is to create a custom template, based on your specific scenario: imagine the possibility to define a model based on your environment, not on some general idea that does not apply so well to your needs and imagine that this enables you to generate the Threats that make sense for you. The result is in many cases a decent analysis of the system you are assessing, but how to make it great?
Microsoft Threat Modeling Tool 2014 has introduced the possibility to generate Threats automatically: you design the model and it finds some Threats, based on the model. Threat Models are a wonderful tool to understand the risk represented by a solution you are developing and to mitigate that risk, to ensure that the final result represents an acceptable risk for your organization.