LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are two common tools for threat modeling in requirements engineering?

The Microsoft Threat Modeling Tool and OWASP Threat Dragon — both let you draw DFDs and surface threats systematically with STRIDE.

  1. Microsoft Threat Modeling Tool (2016)

    • Free tool from Microsoft
    • Helps identify threats using STRIDE methodology
    • Generates threat reports from DFD diagrams
  2. OWASP Threat Dragon

    • Open-source threat modeling tool
    • Web-based application
    • Supports creating threat models with DFD notation
    • Part of the OWASP project ecosystem

Both tools help systematically identify security threats during the requirements and design phases.

STRIDE Methodology (used by Microsoft TMT):

Threat Property Violated Example
Spoofing Authentication Fake login page
Tampering Integrity Modified data in transit
Repudiation Non-repudiation Denying a transaction
Information Disclosure Confidentiality Data leak
Denial of Service Availability Overloading server
Elevation of Privilege Authorization User becomes admin

When to threat model: Early! During requirements and design - fixing security issues here is 10-100x cheaper than in production.

Go deeper:

From Quiz: SPRG / Requirements Engineering | Updated: Jul 14, 2026