ThreatModeler vs Microsoft TAM
While Threat modeling has been around for a few years with several methodologies carrying the banner, the automation of the process by tools has been limited. The most popular tool among security professionals and a few development teams has been the Microsoft Threat Analysis & Modeling (TAM) tool. We have released ThreatModeler, a tool which is rich in features and easy to use in automatically enumerating threats to your application in a software-centric approach to threat modeling. Below is a feature comparison chart between ThreatModeler and TAM.
|Comprehensive Threat Library|
|Secure Coding Guidelines for secure development|
|Threat mapped to relevant and updated countermeasures|
|Simplified Application Decomposition|
|Security Assessment Checklist|
|Built-in security requirements based on data classification|
|Supports Development Methodologies such as AGILE, Waterfall, etc.|
|Real Time Collaboration between project managers, developers, software architects, security team||[Security Architect centric]|
|Vulnerability Management Dashboard|
|Available as a Web-Based deployment|
|Create a Threat Model within hours for small to medium size applications.|
|Scalable to create threat models for thousands of applications.|
|Allows for fast updates on a threat model|
|Data Elements classified according to sensitivity||[Classified according to CRUD capabilities of Components]|
|Data Flow Analysis|
|Security Requirements associated with individual components of the application.|
|Automatic Attack Tree Generation|
|Methodology agnostic||[Microsoft centric with technology limited to C#, SQL Server, ASP.NET, C, C++]|
|Automatic Threat Generation||[Based on STRIDE classification]|
|New features added quarterly|
Common Attack Pattern Enumeration and Classification (CAPEC) is a project by the MITRE Corporation, sponsored by the Department of Homeland Security as part of the Software Assurance strategic initiative of the National Cyber Security Division, to assist in enhancing security throughout the software development lifecycle, and to support the needs of developers, testers and educators. As the name states, it contains a vast list of Attack Patterns which are incorporated into the ThreatModeler library. ThreatModeler is one of the few tools out there to leverage this vast data resource and present it to you in a way that deals with only those threats that have maximum negative impact to your business. With the CAPEC library being frequently updated, you can be assured of having an exhaustive and open attack pattern library available to you in an easy-to-comprehend solution.
In addition to the monstrous CAPEC library, MyAppSecurity is working hard on providing solutions that are usable by everyone in the company from Software Developers to Security Professionals. As security is a field that symbiotically goes along with any new technology that works with the data dearest to us, we strive to keep you updated with all the latest threats, mitigation steps, secure coding strategies and security requirements that will help protect your business no matter what the attack vector might be.
The CAPEC library along with other projects at MITRE such as the CWE and CVE are widely recognized by security practitioners and have contributions to them from well recognized names and companies in the field of information security. It is upgraded every quarter and goes through a thorough review. Beyond web application threats it offers coverage over attack patterns in network security, system security and even attacks in the social engineering domain, so should you decide on building a threat model of a non-web application related field, ThreatModeler is ready for you.
Although we have provided a exhaustive library which is a combination of the MITRE’s CAPEC database, our own research and research from resources such as OWASP and WASC-TC, every company might have its own security policy to follow which might include various internal threat information, mitigation strategies , security checklists and compliance requirements from among a few. With new threats emerging constantly and with rapidly changing web technologies, we have given the user flexibility to customize several aspects of the ThreatModeler library. These include Threats, Mitigations, Components, Rules, Roles, Protocols, Application Security Questions and Technical Controls.
In large development shops harnessing multiple technologies on multiple projects, the benefits are:
Custom mitigation steps to target threats to a particular platform or technology.
Company specific security requirements can be used in the Rules instead of the stock provisions.
Organizations implementing Role Based Access Control can add all the necessary roles which help in the audit process.
Custom components based on the web application being designed.
Technical Controls can be added according to what might be used to pass data and work with user state.
Application Security Questions can be modified and classified according to company documents and the security team decisions.
This makes ThreatModeler not just a tool which provides automation but also a framework that does not limit you in taking care of your IT Security risks. If you are employing the services of external development and security teams, it gives you more leverage on how those teams can add and use customized data specific to the needs of your software goals.
It is a common theme of builder versus breaker in the application security realm with security experts and software development teams not seeing eye to eye. Existing information security tools target security experts but communicating the results of these tools to the development team has been the challenge. ThreatModeler assists these various stakeholders to collaborate from software design, development and testing via different interfaces customized for each of them. Allowing the stakeholders perform their job function to their best ability while keeping security in mind is what we seek in letting you build highly secure software.
In a scenario using ThreatModeler, the architect designs a web application at a high level. The architect enters the necessary information pertaining to data accessed and processed by various components of the application. After these components have been assigned to development teams, a developer can just view threats and the secure coding steps required to mitigate the threats while the IT operations teams can view steps to secure their systems. The security teams can view the existing threats in the application and this helps targeting testing and audit.
In order to provide you with visualizations of threats to a component, we have provided an automated attack tree generation feature. The concept of attack trees has been around for a while and there might be several means to create an attack tree and even a few tools. ThreatModeler has gone a step further by completely automating the process for you by its Intelligent Threat Engine. Once the threat model has been created with associated rules and threats mapped to components, the user can view an attack tree for each component in the diagram which includes the security requirement for that component, for which failure to implement will result in the subsequent threat as a branch.
This makes it easy to visualize where an application might be compromised and is useful in generating test cases as well as providing a source for reviewing the application security from a regulatory compliance point of view. Attack trees give Risk Analysts and management a better understanding of risk via Attack Tree Analysis. A tree visualization makes it easy for budgeting for handling risk and maximizing productivity and profit. The attackers have multiple paths to choose from. This shows you all the well known ones to plan better.
Often security is part of a remediation process after code has been written and the application having reached its testing phase. This always results in very expensive mitigation steps to be put in place which might in turn introduce new vulnerabilities. Secure coding principles have been around for ages but most developers have never been taught to code securely in the first place. Providing relevant information to the developers has been another problem and it is understandable that people have to get work done and will not want to spend time sifting through mountains of obscurity. In addition to the mitigation steps provided within the CAPEC library, MyAppSecurity are working hard to ensure that we provide developers with the most relevant secure coding mitigation steps for each component that they have been assigned to. This will save you hours of development time and money and ultimately results in higher productivity and profit.
Resources from well known guides on secure coding at repositories at OWASP, the WASC-TC, MITRE’s CWE and a plethora of others. Since ThreatModeler provides for a component based high level design, the developer assigned to a specific component would know exactly how to write secure code s/he did not know about earlier.
MyAppSecurity have bundled a detailed checklist, classified according to various functionality in an application that requires attention and controls to be put in place to prevent a breach. These have been made as general as possible to scale across companies in different business domains and at the same time very relevant to security as a whole. The customizability of ThreatModeler makes adding company specific checklists a smooth process and security and audit teams have a central location to refer to for verifying security controls in place.
We strive to keep these checklists updated with the latest precautions to safeguard your business but understand that you might have your own means of viewing the same issue and describing it differently. For this reason we allow you to completely customize this library with your own security standards.
ThreatModeler provides you with a scalable solution that not only works towards securing a single application but towards ensuring maximum security coverage over all your enterprise software. Moreover it is applicable to development shops of varying sizes including firms with off-shore teams. A threat model created manually does not scale well in the era of rapidly changing web technologies and for businesses which frequently add new features in every update of their web application. ThreatModeler makes it easy to incorporate any of these new features within an existing threat model and help you analyze whatever new vulnerabilities might be exploitable in your application. A threat model created manually might take upto three weeks to cover the application design in detail. For many new features added to this, it could take another week. ThreatModeler reduces this to 20% of the effort.
Re usability of components makes the process of using secure components simple. User created templates of secure components makes reducing overall risk part of the process instead of having to include the possibility of breach in every Threat Mitigation plan.
For example, the user has an application which included a Login component. Using ThreatModeler, the development team built the component as secure as specified by company policy. For any other application that requires login, at the same company, the development team have to only reuse the component without having to worry about adhering to company security policy in terms of the component development.
Considering that most development teams use the AGILE methodology, manual threat modelling does not scale well with this model. ThreatModeler’s capability of integrating easily within your AGILE process will ensure your developers don’t have yet another tool and process to deal with and develop to their best potential with all their secure coding resources right beside them and ready for use in the most relevant way.
The manual Threat Modeling process not only takes upto three weeks for a detailed model of the architecture and data flow but also requires time to update for every new feature that might be added. For any new threats, it has to undergo an extensive review which consumes more time. In addition to that, for several components that might be secured and reused, it just adds overhead in the review process. MyAppSecurity have identified these hindrances to a smooth threat modeling process and have built an intelligent threat engine, ThreatSense that is harnessed by ThreatModeler. This provides the automation that every stakeholder in software development desires and not only correlates threats with secure coding strategies but also correlates your security requirements and policy guidelines, web application data processing widgets and data elements. The best feature of ThreatSense is that it generates Attack Trees that give you a visual component in gauging the threat to your application or component and how you can implement preventive measures. Developers may check the components they have been assigned to within a threat model which will be updated automatically with the latest threats and mitigation steps to those threats when the admin has made the necessary updates for a particular component.