User:Bbeyst/sandbox

ThreatModeler is a web-based, platform-independent tool to automate the process of creating one or more threat models related to cybersecurity. It is considered the flagship product of MyAppSecurity, an information security and risk analysis company founded in 2010.

History
The chief technical architect of ThreatModeler is Anurag “Archie” Agarwal, CISSP.. Agarwal worked for a variety of companies as a software developer and project manager before switching and becoming a technological information security specialist in 2005. He co-authored the OWASP Testing Guide v3 and is a member of the Web Application Security Consortium (WASC) and the Open Web Security Project (OWASP) and has published several articles on secure coding and spoken at various conferences

In working with Fortune 1,000 companies, Agarwal developed cost-efficient processes for enterprises to manage their technology risk. It was here that he noted traditional approaches to secure development lifecycle (SDLC) processes often fail to account for a significant number of security threats and risks until the application under development enters the testing and production stages. At these points, remediating discovered application vulnerabilities becomes significantly more costly.

In 2011 Agarwal synthesized his understanding of security and application development to develop a unique framework for threat modeling. In 2013 this framework was developed into a commercial threat modeling tool and released as ThreatModeler™

Other Threat Modeling Tools
ThreatModeler™ is available in both commercial and free versions. Other free threat modeling tools include:
 * Microsoft offers a free threat modeling tool – the SDL Threat Modeling Tool . This tool is DFD-based. The intended users are software developers. Microsoft's Threat Modeling Tool has largely replaced this tool.
 * Microsoft’s other free threat modeling tool – the Threat Modeling Tool . This tool is also DFD-based. Microsoft intended this tool for general use.