hysnsec / awesome-threat-modelling Goto Github PK

The link for OWASP Threat Dragon needs to be updated to:
https://owasp.org/www-project-threat-dragon/

Add threat modeling list to awesome after 2nd Feb

I need to study this for evil need to know about threat modeling

Hi Team,

we have developed OVVL: https://github.com/OVVL-HSO/OVVL-Webapp

OVVL -> Open Weakness and Vulnerability Modeller

A STRIDE-based threat modelling tool that integrates CVEs. So you can do threat modeling based on STRIDE, but also analyse possible known vulnerabilities in case you already know off the shelf software components that may be used.

Best,

Andreas

Rapid Threat Model Prototyping (RTMP)... found here: https://github.com/geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs

RTMP is a threat modelling technique that decreases the time to make a threat model by focusing on getting the Access Control issues sorted first (Elevation of privilege in STRIDE). It uses STRIDE as its main description language but allows for integration with CWE and OWASP Top 10.

RTMP allows a practioner to add metadata describing the threats and mitigations directly to software diagrams, speeding up the whole threat modeling process. This is done through 11 simple steps which can be repeated across all sizes of projects.

RTMP also outlines how to properly integrate these steps into Agile workstreams and how to best use the outputs of a threat model (Threats & Mitigations).