Lab: M2.9 MS Threat Modeling Tool

Introduction

Threat modeling is a very important part of secure software development. It is used to identify the threats in the application right from the beginning of the software development lifecycle. In this activity, you will use Microsofts threat modeling tool to identify threats in an application during the SDLC.

Instructions

Using the Microsoft Threat Modeling Tool, you will identify the threats during the design phase of a sample application. Follow the steps given in the following document:

MS Threat Modeling Tool Lab [PDF, 145 KB]
Once you have completed the lab, please answer the following questions in 1 to 2 pages:

Describe the information in the table and why it could be useful to someone who does threat analysis.
Analyze cross-site scripting and cross-site request forgery threats from the identified list of threats above.
Explain how these threats can be used to model other threats and explain the level of vulnerabilities they have on the systems.
Evaluation

This assignment is due Sunday by 11:59 PM ET.  Labs are worth 30% of your final grade and will be assessed using the MS Threat Modeling Tool Lab Rubric.