Microsofts New Threat Modeling Tool

A week ago I had the pleasure of giving a speach at OWASP AppSec EU in Rome on the new Microsoft Threat Modeling Tool 2016 that came out last November and is still available for free.

The Threat Modeling Tool implements one way to derive threats (potential security problems) from a system specification and this is via Data flow Analysis (DFD). As shown in the screenshot above, we can specify our system via DFD logic within the tool, when we are ready we switch in the analysis mode and see a couple of identified threats based on our DfD diagram.

Microsoft Threat Modeling Tool 2016

New Functionality

The functionality described above is basically how all versions of this tool had worked for the last 10 years it exists. The 2016 version, published last November, has one new great feature that distinguishes it from all the others though: It now allows you to completely change the XML based templates an thereby implement own stencils, properties and, most importantly, threat logic. That works actually really great, since Microsoft also included a quite usable threat template editor into its tool.

Customizing Threat Logic

Before we start implementing our own threat logic we must understand how DfD based threat logic is expressed. In general, rules can be formulated as followed: dfd threat logic

Basically everything that you can put in this logic you can have checked by Threat Modeling Tool 2016, both as include and exclude statements. Especially the use of custom attributes works really great for putting all kind of logic into that tool (e.g. “Uses PHP” for a stencil “Web Application”. As you can see it from the logic above, stencil always have a parent.

This logic can be used to identify the threat of data sniffing. Template Editor of Microsoft Threat Modeling Tool

In case of the stencil “Web Application” this is “Generic Process”. All rules that matches the parent automatically matches child stencils such as the web application. This allows you to define own custom stencils that will automatically derive all threat logic that matches its parent. Unfortunately there is only one level available, so a child stencil cannot have another child that restricts the threat logic a bit.


The tool itself can be downloaded here. All you need to be able to work with it is a Windows system.

In addtion, I’ve created a couple of sample models and a reduced template for web applications that you can all download from my github page.

Please be aware that if you want to replace an existing template you have to change the template id within the model file (both XML). Unfortunately the tool does not allow this within the GUI. I’ve describe the detailed steps for this on the github page referenced above.


Although it still has some limitations, Microsofts new Threat Modeling Tool is a good anf free tool for creating simple DfD based security diagram and threat models. It becomes a great tool when you are using its new customization capability that allows you to create your own custom threat templates, include all kind of stencil and threat logic that are specific to your organization. I highly recommend to make this effort because the existing logic is rather limited.

If you feel that some threats identified by this tool make no sense, just look at the threat logic within the template and perhaps change it if not suitable for your organization.

Besides automatically identifying threats from a DFD diagram, this tool has one great additional implicit use: Talking about interactions and data flows a system has with developers and architects often results in a lot of “aha” moments and the identification of security problems that were not aware to anyone.


About Matthias Rohr

Matthias Rohr, CISSP, CCSLP, is the founder and lead security architect at Secodis. Matthias began working in this field in 2004 and is since a frequent speaker on international AppSec conferences, book author, author of TSS-Web and an active AppSec community contributor. He lives and works in Hamburg / Germany.
This entry was posted in Secure Software Development, Security Requirements, Threat Modeling and tagged . Bookmark the permalink.

17 Responses to Microsofts New Threat Modeling Tool

  1. Pingback: Data Flow Diagram Example Of Banking System –

  2. Your approach is trսly different in comparison to other bloggers I have browsed thrօugh.
    Тhanks a lot for sharing when yоu’ve got the oppoгtunity, гeckon I will save this

  3. Your ɑpproach is very creative comparing to ߋtheг bloggers I have looked through.
    Thanks for posting when you hаve got tһe
    oρportunity, suppose I’m going to ѕave thiѕ iԁea.

  4. Good post! I sһared your blog on my Facebook.
    Hope that my friends are going to find it fun too. Good luck for the future.

  5. Brilⅼiant post. I read your website fairly often, and you аre constantly coming up with some great staff.
    I shared this blog post on my Facebook, and my followers
    liked it! Good luck.

  6. Avatar Denisov L says:

    Thеre’s actuaⅼly ɑ lot to learn on this subject.
    I ⅼove all the points you have made.

  7. Great! Thanks for this guidе!

  8. There is ɑctually lots to learn on this topіc. I just like all
    tһe points you made.

  9. Yօur style is quite unusual іn contrast to other people I’vе read info from.
    Thank you for sharing when yoᥙ һave got the time, recқon I
    will just save this idea.

  10. Avatar Andrew Cup says:

    Sweet! Thanks a lot for the guide!

  11. Avatar Modest Y. says:

    There iѕ surely lοts to learn on this subject. I love all the points you maԀe.

  12. Avatar Danny Gray says:

    Undoubtedlʏ one of my toⲣ wеb blogs to browse in the morning with a drink of cappuccіno !

  13. Youг mɑnnеr is quite creatiѵe compared to other folks I’ve looked through.
    Thank you for sharіng when you have got the time, guess I’ll bookmark this idea.

  14. Avatar Antonio says:

    Brilliant pօst. I featured your website on my Facebook.

    Hopefully my visitoгs will enjoy your writing as well.
    Keep up the good work.

  15. I ⅼіҝe this post! I read your blog site pretty regularly, and you’re
    always coming up with some good staff. I shared this post on my Tumblr, and
    my fоllowers liҝed it. Good luck.

  16. Pingback: Agile Threat Modeling - Sustainable Application SecuritySustainable Application Security

  17. Pingback: Free Simple Risk Assessment Template

Leave a Reply

Your email address will not be published. Required fields are marked *