In one of the previous posts to the Threats Manager site, Next Steps, I announced an initiative to add various crucial parts that were still missing from the site:
- Templates you can use.
- Examples of Threat Models.
- Word Templates you can use to generate your own reports.
- Guidance on how to create your own Templates.
I am happy to announce that this material is now starting to become available.
You can find a first template in Templates, dedicated to a few Azure DevOps Core services:
- API Management
- Application Gateway
- Azure Function
- Web APIs
- Web Application
- Azure Key Vault
- Azure SQL
- Azure Storage
- Cosmos DB
That’s not much, but it already provides a good example of what a Template looks like. In fact, it is accompanied by three very characteristic files. First of all, there is the Threat Model in TM format that has been used to generate the Template. That Threat Model is particularly interesting because it contains an example of a Threat Model of a reference architecture, so it can also be used as an Example. Another typical deliverable generated by TMS is the Word Report, and you have both the Reference Word File used to generate the Report and the Report itself. And talking about the Report, I’ve also published a first template for you to use with your own Threat Models: please refer to the guidance in the Learning section to understand how to use it.
You can find all of this material on a new page specifically dedicated to publishing the Templates, including the Word Template. This section is not intended to contain only the material produced by me: you can contribute your own templates! Just go to the Template Upload page, and send a message with your material.
Analogously, I’ve added a page for downloading Examples. And again, you can send your own examples to be published as well, using the Example Upload page.
The documentation has also been extended. I have added two pages, on Templates Creation and Property Schemas respectively. Those are very important topics when you need to create templates like the one I just published.
And as a bonus, I have added the page on the Overview Dashboard, which was missing when I published my post on Threat Modeling vNext.
This is not the end for Templates: a lot still needs to be covered. Azure itself has barely been touched, and a lot more needs to be covered. But now, you can get some ideas about what could be done with TMS.
Stay tuned. A lot is going to happen in the upcoming months!