secsimon / ttm
Home Page: https://www.simon-liebl.de/TTM
License: GNU General Public License v3.0
It would be great to have one or two more colors to show:
It would be great to be able to multi-select attack scenarios and countermeasures to be able to delete them faster.
Not yet sure how this is produced, but on two different devices the application has a memory leak that can exhaust CPU and RAM of the host.
Currently, the IEC 62443-4-2 form is not exported. It would be great to have it in the report.
Currently, the discoverability of keyboard shortcuts is rather limited. It would be nice to have an overview page (maybe per view if functionalities differ) that is easily accessible and discoverable.
For making collaboration without committing to GitHub (which might not be possible due to legal or contracting reasons), it would be nice if the savestate was changed as follows:
Prettify JSON. This would greatly help when merging savestates. Currently, savestates do not really use lines. This is something that can be achieved using tools such as sed, but since large states of several MB are not easy to check for errors and consistency, this is something the user really wants to avoid. If the state used multiple lines, it would be much easier to diff states.
Do not use escapes for ". Currently, the savestate uses escapes for ". Because of this, tools that are able to prettify, e.g. jq, cannot do their magic. Therefore, another tactic would be to remove escapes so that the JSON is prettifiable.
Sometimes when I want to add an attack scenario, the button is grayed out and I have no clue why.
It would be great to know what should be done to allow adding the countermeasure.
When the user draws a data flow but later realizes that the data flow is pointing in the wrong direction, it seems the only available option is to delete and redraw the data flow (apart from a cosmetic change of arrow direction).
It would be more convenient to allow swapping the direction. If the process of doing so would change or remove related data, a popup should notify the user about the changes triggered by the swap.
The threat sources cannot be added to the corresponding attack scenarios as a drop down option which can be used for the risk assessment.
When editing attack scenarios and selecting a threat source in the modal, the threat source is not shown (but modifies the risk calculation).
It would be nice to be able to create groups for apps (those directly above the DFDs). Furthermore, it would be great to have drag & drop.
For models with high complexity, it would be helpful to have a search function for the selection of system threats within the "Edit Attack Scenario" modal.
This would save the user quite some time.
It would add to usability to be able to use arrow keys on the selected countermeasures and attack scenarios to go up and down in the list.
I suspect that the application is running single-threaded.
It would be nice if it could use multi-core.
It would be really nice to be able to pre-define system threats via the configuration and allow to import them list-wise to a project.
E.g. BSI threat catalogue as a list
Listing all dependencies for npm would be helpful.
It would be nice if the data flow diagram would allow elements to stick to grid lines when moving them around (allow to turn behavior on/off).
This would make it easier to draw decent diagrams.
In some cases, multiple connections can be susceptible to the same attack scenario; a possibility to select several targets for an attack scenario would be good to have. This is already the case for several targets in the countermeasures.
An alternative could be to copy the attack scenario in a bulk edit to apply it to multiple targets in the same diagram.