-->
- Microsoft Threat Modeling Tool 2019
- Microsoft Threat Modeling Tool Tutorial
- Microsoft Threat Modeling Tool 2018
The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. Also, we designed the tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models.
Microsoft Threat Modeling Tool 2019
- This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) Threat Modeling Tool. For a quick backgrounder on threat modeling, let me recommend an article that my colleague, Michael Howard, recently published on threat modeling.
- Microsoft Windows 10 Anniversary Update or later.NET Version Required.NET 4.7.1 or later; Additional Requirements An Internet connection is required to receive updates to the tool as well as templates. Documentation and feedback. Documentation for the Threat Modeling Tool is located on docs.microsoft.com, and includes information about using.
A model validation toggle feature was added to the tool's Options menu. Several links in the threat properties were updated. Minor UX changes were made to the tool's home screen. The Threat Modeling Tool now inherits the TLS settings of the host operating system and is supported in environments that require TLS 1.2 or later.
The tool enables anyone to:
- Communicate about the security design of their systems
- Analyze those designs for potential security issues using a proven methodology
- Suggest and manage mitigations for security issues
Here are some tooling capabilities and innovations, just to name a few:
- Automation: Guidance and feedback in drawing a model
- STRIDE per Element: Guided analysis of threats and mitigations
- Reporting: Security activities and testing in the verification phase
- Unique Methodology: Enables users to better visualize and understand threats
- Designed for Developers and Centered on Software: many approaches are centered on assets or attackers. We are centered on software. We build on activities that all software developers and architects are familiar with -- such as drawing pictures for their software architecture
- Focused on Design Analysis: The term 'threat modeling' can refer to either a requirements or a design analysis technique. Sometimes, it refers to a complex blend of the two. The Microsoft SDL approach to threat modeling is a focused design analysis technique
Next steps
The table below contains important links to get you started with the Threat Modeling Tool:See also: System requirements
| Step | Description |
|---|---|
| 1 | Download the Threat Modeling Tool |
| 2 | Read Our getting started guide |
| 3 | Get familiar with the features |
| 4 | Learn about generated threat categories |
| 5 | Find mitigations to generated threats |
Resources
Here are a few older articles still relevant to threat modeling today:
Check out what a few Threat Modeling Tool experts have done:
-->Version 7.3.00729.1 of the Microsoft Threat Modeling Tool (TMT) was released on July 29 2020 and contains the following changes:
- Bug fixes
Microsoft Threat Modeling Tool Tutorial
Known issues
Errors related to TMT7.application file deserialization
Issue
Some customers have reported receiving the following error message when downloading the Threat Modeling Tool:
This error occurs because some browsers do not natively support ClickOnce installation. In those cases the ClickOnce application file is downloaded to the user's hard drive.
Workaround
This error will continue to appear if the Threat Modeling Tool is launched by double-clicking on the TMT7.application file. However, after bypassing the error the tool will function normally. Rather than launching the Threat Modeling Tool by double-clicking the TMT7.application file, users should utilize shortcuts created in the Windows Menu during the installation to start the Threat Modeling Tool.
System requirements
- Supported Operating Systems
- Microsoft Windows 10 Anniversary Update or later
- .NET Version Required
- .NET 4.7.1 or later
- Additional Requirements
- An Internet connection is required to receive updates to the tool as well as templates.
Documentation and feedback
- Documentation for the Threat Modeling Tool is located on docs.microsoft.com, and includes information about using the tool.
Microsoft Threat Modeling Tool 2018
Next steps
Download the latest version of the Microsoft Threat Modeling Tool.