Microsoft Application Threat Modeling Blog

Security Guidance and Threat Modeling

I just posted a blog entry on the main drivers behind CTL in TAM v3.0. You can check it out at IST...

Author: rvanil Date: 07/30/2009

TAM 3.0 Beta is Now Live!

I am excited to say that Threat Analysis and Modeling (TAM) 3.0 Beta is now live on download center....

Author: rvanil Date: 07/23/2009

Threat Analysis And Modeling (TAM) v3.0 – Learn about the New Features!

Last time we briefly talked about releasing TAM v3.0 this year. With each week we’re inching closer...

Author: rvanil Date: 07/20/2009

TAM 3.0

Been a little quiet lately on TAM related news but head over to Channel9 to hear RV talk about...

Author: talhahm Date: 06/30/2009

Beautiful Security

My colleague Mark Curphey made available a chapter he wrote for a recently released security book. I...

Author: talhahm Date: 06/26/2009

Tax Season... So Threat Model This...

Tax Season! I came across a scenario that I wanted to share… Scenario: You have some tax application...

Author: talhahm Date: 03/17/2009

Updated SDL TM Tool Now Available!!

Very excited to announce that the SDL folks have released v3.1.4 of the SDL Threat Modeling Tool, as...

Author: talhahm Date: 03/03/2009

Announcing CAT.NET CTP & Anti-XSS v3 BETA

Continuing our work to share the tools and techniques we use internally to maintain a secure...

Author: talhahm Date: 12/15/2008

SDL Threat Modeling Tool Now Available!

We're really excited that our colleagues over in the SDL team have released a beta of their threat...

Author: talhahm Date: 11/20/2008

New SDL Threat Modeling Tool Coming Soon!

Even though this blog’s focus has always been the ACE Threat Modeling tool and methodology which is...

Author: talhahm Date: 09/19/2008

Is Threat Modeling Right For You?

Great post by my friend and colleague around threat modeling in a series he's doing on application...

Author: talhahm Date: 06/18/2008

Threat Management the bigger picture

Threat Modeling is one those ‘sciences’ that is just now starting to gel into something...

Author: TheRockyH Date: 05/29/2008

Using Threat Models Beyond the Design Stage

Threat Modeling is no longer the obscure magic is used to be. With the creation of tools like the...

Author: TheRockyH Date: 05/22/2008

Hello Secure World

An awesome site to check out which also includes virtual labs you can leverage for secure coding!...

Author: talhahm Date: 05/05/2008

Customizing TAM Dropdown lists

One of the most frequent questions we get is that someone is using a technology that is not listed...

Author: rvanil Date: 03/17/2008

[VIDEO] Threat Modeling and Discovering Security Issues

Raffaele Rialdi, a Microsoft Developer Security MVP, sits down with Lori Grosland at TechEd ATE in...

Author: talhahm Date: 02/18/2008

Threat Modeling: Diving into the Deep End

IEEE paper on the TAM tool. "Ford Motor Company is currently introducing threat modeling on...

Author: talhahm Date: 01/08/2008

A discussion on threat modeling

There is a discussion I had recently with a few folks over email around threat modeling that I...

Author: talhahm Date: 10/30/2007

TAM/TAMe and Other ACE Tools

Mark Curphey (newest member of ACE) recently did a post on a set of tools we have in our portfolio...

Author: talhahm Date: 10/25/2007

XSSDetect BETA now available!

I've talked about threat modeling being one part of the overall information security puzzle... there...

Author: talhahm Date: 10/23/2007

Threat Modeling & SDL-IT

A common challenge for folks looking at threat modeling as a control to potentially help them secure...

Author: talhahm Date: 08/27/2007

Threat Profile and "Composite Threat"

Threat profile is a very interesting concept that identifies the complete set of threats in a given...

Author: rvanil Date: 06/19/2007

Create a good threat model in 10 simple steps

How can I get a great and secure product without killing myself? This is not just a question for...

Author: rvanil Date: 06/18/2007

Rich Internet Applications - The New Security Frontier

In the past we have been relying on the web browser to provide/restrict the user interface for...

Author: MJD Date: 06/18/2007

Enterprise Edition

I recently did a TechNet webcast to talk about how Microsoft IT Manages Security Knowledge for...

Author: talhahm Date: 05/18/2007

Threat Analysis and Modeling v2.1.2 Now Available!!!

The new build contains a few fixes including one for problem that caused the threat model documents...

Author: talhahm Date: 04/04/2007

Tips on Threat Analysis and Modeling Tool

Some tips to work with Threat Analysis and Modeling Tool, these could be useful specially when...

Author: rvanil Date: 02/18/2007

Shortcuts List

Threat Analysis and Modeling contains lot of shortcuts for the most used functionality in the tool....

Author: rvanil Date: 02/12/2007

Threat Analysis and Modeling tool setup updated!!!

The new version of th tool can be downloaded from http://go.microsoft.com/fwlink?linkid=77002. New...

Author: rvanil Date: 02/09/2007

Threat Analysis and Modeling v2.1.1 Now Available!!!

[UDPATE] Auto-Save feature does not work as expected, this feature might give you errors and...

Author: rvanil Date: 01/31/2007

Channel9 Interview

I did an interview a while back on Channel9 on our threat modeling tool and process... it went up a...

Author: talhahm Date: 12/18/2006

Threat Anlysis and Modeling v2.1 Now Available!!!

[UDPATE] The download is now live. [UPDATE] Please send feedback & feature requests to...

Author: rvanil Date: 11/30/2006

TAM v2.1 Sandboxing – Part II – Risk Measurement Plug-in

TAM v2.1 introduces a new security model for the plug-in under which the behavior of the plug-in can...

Author: rvanil Date: 10/30/2006

ACE Team on Channel9

ACE Team is on Channel9. This is the 1st part of the interview (there is a part on the TM tool as...

Author: talhahm Date: 10/25/2006

TAM v2.1 Sandboxing – Part I – Risk Measurement Plug-in

TAM v2.1 supports multiple risk measurement techniques by allowing the user to specify a plug-in to...

Author: rvanil Date: 10/12/2006

Application security - The ACE View

As business process automation started to take hold in the early 1990s, organizations began to...

Author: MJD Date: 10/04/2006

Security lock down

As a part of the MSDN Security on the Brain Series of Conferences, there is a virtual conference on...

Author: MJD Date: 09/20/2006

APPLICATION RISK MANAGEMENT WEBCAST

Talhah has been blogging about Knowledge management and translation and some other stuff that nicely...

Author: MJD Date: 08/31/2006

Risk Measurement Plug-in Development

Threat Analysis and Modeling Tool (TAM) tool uses a interface to provide risk measurement plug-in...

Author: rvanil Date: 08/30/2006

Customizing TAM drop-downs

We’ve been getting a lot of queries around the drop-downs in the TAM tool to define things like...

Author: talhahm Date: 08/17/2006

Knowledge Management & Translation

The other day I was talking to someone about the next big project we’re working on around risk...

Author: talhahm Date: 08/15/2006

Invest in security? Show me the ROI...

How many times have you tried to preach software security only to have someone ask you to show the...

Author: talhahm Date: 08/10/2006

New addition to the team

Well, I joined the Microsoft ACE Team in May 2006. Having seen the Threat Modeling tool from the...

Author: MJD Date: 07/25/2006

RTM Now Available!!!

RTM version of the Threat Analysis and Modeling Tool v2.0 is now available here. Thank you for using...

Author: rvanil Date: 07/06/2006

RC2 Release!!!

[Update] RC2 is live now and can be download from here, we had some technical difficulties earlier....

Author: rvanil Date: 06/28/2006

RC2 & Looking forward...

We’re on track and got done with RC2 as of Friday and have released it internally. We’re not...

Author: talhahm Date: 06/18/2006

Assembly Hijacking Video

Rocky's got a great video on assembly hijacking here (see "Presentation Videos" on left-hand side)....

Author: talhahm Date: 05/26/2006

RC1 NOW AVAILABLE!

RC1 of the Threat Analysis & Modeling v2.0 is available for download here. Aside from bug fixes...

Author: talhahm Date: 05/22/2006

We're Hiring!

The ACE Team is hiring... check out this post. -Talhah

Author: talhahm Date: 04/22/2006

Security with Visual Studio Team System

Mark Groves, one the of PMs on the Visual Studio Team System for Software Architects (VSTESA) team...

Author: talhahm Date: 04/17/2006

Next>