APPLICATION DECOMPOSITION USING DATA OBTAINED FROM EXTERNAL TOOLS FOR USE IN THREAT MODELING

摘要

An illustrative embodiment of automated application decomposition collects a set of information specific to an application by a plurality of external tools. Predefined heuristics and corresponding predefined conclusions, categorized corresponding to each of a particular external tool domain, are applied to the set of information collected by the plurality of external tools to create an intermediate result. The intermediate result is analyzed to form a set of conclusions about factors, representative of the application, used in application decomposition. The set of conclusions is exported and used to generate a model of the application. Integration between an existing threat modeling tool and external software for a purpose of automated application decomposition is provided in which the model is a starting point for identification of threats and weaknesses specific to the application.