Sign In

Subscribe

Threat Analysis & Modeling Tool - TAM 3.0

Posted By: Jossie Tirado | Jun 29th @ 1:43 PM | 5,344 Views | 2 Comments

Anil Revuru (RV), from Information Security Tools, provides an overview of the new version of TAM (Threat Analysis & Modeling), an asset-centric tool which uses an objective methodology to analyze applications for threats and define mitigation plans for them. TAM aligns to the SDL-LOB as part of the Design phase.

RV describes the new features in this version, including the online repository for the attack countermeasures, automated use cases creation, composite threats, among others.

Learn more:

Tags: ace, ace team, information security, infosec, LOB, SDL, sdl-lob, Security, tam, threat modeling, Tools

Media Downloads:

Rating:

0

0

prasannap

1. What does TWC or TMT stand for?

2. If you can share what benefits you (the Project Team members, not TAM tool members) got from this tool, that would be great

3. I was one of the early adopter of this tool (ver 1.0), after that I never got a chance to see the tool; indeed its a great tool which saved us lots of security level effort. Projects outside Microsoft, use this tool by any chance? If YES, what level of support we can expect.

anilkr

In reply to prasannap

#Jul 7th @ 6:12 PM

1. TWC stands for Trust Worthy Computing and TMT stands for Threat Modeling Tool, you can find the latest TMT which is called as SDL Threat Modeling Tool at http://www.microsoft.com/downloads/details.aspx?FamilyID=A48CCCB1-814B-47B6-9D17-1E273F65AE19&displaylang=en.

2. TAM tool is used internally for threat modeling Line of Business applications, it uses asset (data) centric approach which is a very critical part of the IT Applications. I have explained some in the video, security awareness, writing more secure code etc were some noticable gains. You can subscribe to our conenction on http://connect.microsoft.com/site/sitehome.aspx?SiteID=734 to get beta release information.

3. There are multiple levels of support that we offer, from professional services to simple email support and discussions. http://blogs.msdn.com/threatmodeling, http://blogs.msdn.com/securitytools and http://www.msinfosec.com are the best places to start. msacetm@microsoft is our public email alias where you can ask questions about this tool.

WindowsClient: Introduction to TestApi – Part 5: Managed Code Fault Injection APIs
ASP.NET: T4MVC now has a real home and a dedicated forum!
TechNet Edge: Windows Server 2008 R2 : New Power Management Features
ASP.NET: Web Deployment Painkillers: VS 2010 & MS Deploy
WindowsClient: Application Accessibility Testing
WindowsClient: Prism & WCF RIA Services
Channel 9: Sharepoint 2010 and Claims-Based Identity
WindowsClient: IRhetoric Ported To BlogEngine.NET
WindowsClient: PDC Recap and More
Channel 9: Reactive Extensions API in depth: Primitives
WindowsClient: New WPF Features: MultiTouch
WindowsClient: codeplex.com/testapi v 0.4 available
Channel 9: The Visual Studio Documentary - Alan Cooper, the Father of Visual Basic
Channel 9: Hanselminutes on 9 - Guided Tour inside the Windows Azure Cloud with Patrick Yantz
ASP.NET: ASP.NET 4.0 ScriptManager Improvements
WindowsClient: XAML Toolkit CTP = FxCopXaml + XamlDom + System.Xaml.dll support for Silverlight XAML
Channel 9: Fishbowl for Facebook
WindowsClient: Free Embeddable Fonts for your WPF Applications
ASP.NET: Program Manager Position on the ASP.NET PM team
Channel 10: Microsoft Teams Up with Nielsen
close

Microsoft Communities