Download this episode
Andrew Law, from Microsoft Information Security, walks us through the creation of a threat model for a line-of-business application using the Threat Analysis & Modeling tool version 3.0. This screencast includes the definition and purpose of a threat model as well as its alignment with the SDL-LOB.
Threat Model ownership is discussed as well as the use of the central repository, common task list and how to leverage them to automatically generate threats.
Available formats for this video:
Actual format may change based on video formats available and browser capability.