ThreatModeler™ provides a collaborative environment between various stakeholders including Architects, Developers, Security and Project Managers to identify threats in the requirements/architecture phase with little or no knowledge of security. It establishes a repeatable and scalable platform and provides security approved coding guidelines to build security within the application. Below are some of the key features of ThreatModeler™.
ThreatModeler™ includes a comprehensive library of threats including MITRE CAPEC library and other open vulnerability databases as well as research at MyAppSecurity to cover latest attack vectors that are not yet updated in other libraries.
The implementation of automatically generated attack trees, a threat management console and visualization of inter-component data flow helps you identify high value targets and how they can be attacked.
ThreatModeler’s intelligent threat engine (ThreatSense), identifies threats automatically based on the information provided and presents mitigation strategies to the development teams which can be easily integrated in their code.
ThreatModeler™ makes it easy to scale security initiatives in the fast-paced nature of software development by automatically analyzes threats in any new feature added to the application and providing mitigating solutions.
ThreatModeler™ integrates easily with any development methodology. It’s extensible and feature rich modules saves substantial time and effort in identifying threats and achieving the goal of building security in with minimum effort.