ArchSec automates Microsoft’s Threat Modeling process in two ways. First, it automatically extracts architectural views for component-based software systems. Second, it can automatically identify security flaws in architectural views.
eNYPD is a static analysis for identifying entry points of applications. An entry point is any method that an external user or system can control directly. The information on entry points is necessary in many different security analyses, such as Threat Modeling, input validation analyses, or security metrics.
SeeAuthZ is a configurable analysis tool for extracting the implemented authorization policy. To do so, it extracts the authorization facts the program enforces while accessing a sensitive resource. This information can be used to re-document the authorization policy if the developers lost it or never wrote it down, or to compare the implemented authorization policy with the planned policy to identify divergences.