OWASP Threat Model Cookbook Project

This project is about creating and publishing threat model examples. They can be in the form of code, graphical or textual representations. The models will use diverse technologies, methodologies and techniques.

You can learn from those models, use them as a base to start your own, or contribute to and expand some of the models, making this a collaborative cookbook of threat models.

https://owasp.org/www-project-threat-model-cookbook/

https://twitter.com/OWASP_tmcb

Disclaimer

Examples provided in this repository are not representations of secure systems, but rather insecure systems that are easy to model. Most of them are made-up systems that do not exist in reality. Any resemblance to real-life systems is purely coincidental.

Contributing

We welcome PRs containing examples to add to the cookbook. If you want to add new threat models or create more versions based on existing drafts, feel free to submit a PR directly.

Here are some guidelines on how our file structure works:

  • INDEX.md lists all systems that are modeled, with embedded pictures and short descriptions.
  • Top-level directories are named after the type of threat model. Example: Flow Diagram.
  • If your threat model has 1 or 2 files, you can put the files directly in that directory. If it has more, please create a folder named after the system being modeled.
  • The name of the system must use dashes and alphanumeric characters only. No spaces.
  • Files need a specific extension depending on their format: system-name.tool for the source and system-name.tool.exportfiletype for output generated from it. For example, the code file cryptowallet.plantuml and the image rendered from that code, cryptowallet.plantuml.svg. Refer to the README.md in each top-level folder for the list of tools and their matching file extensions.
  • If you have multiple representations of the same system using the same tool, we suggest you prefix the file names with altN-, where N is a number.
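The naming rules above are easy to get wrong by hand (a space in a system name, an exported .svg whose source file was never committed, an extension the folder does not list). The following is an added example of a small checker for them, not code from the project; the KNOWN_TOOLS table stands in for the per-folder README.md tool lists and its entries are assumptions, and the SAMPLE_FILES list is constructed for the demonstration.

```python
"""Check contributed file names against the cookbook's naming convention:
[altN-]system-name.tool[.exportfiletype], system names made of dashes and
alphanumerics only, and every export file accompanied by its source file.
Added example, not part of the OWASP Threat Model Cookbook itself."""
import re
from typing import Iterable, List, NamedTuple, Optional

# Assumed stand-in for the tool/extension lists kept in each top-level
# folder's README.md.  Tool -> export file types it may produce.
KNOWN_TOOLS = {
    "plantuml": {"svg", "png"},
    "drawio": {"svg", "png"},
    "threagile": {"pdf", "json"},
}

# [altN-]system-name.tool[.exportfiletype]
_FILENAME_RE = re.compile(
    r"^(?:alt(?P<alt>[1-9][0-9]*)-)?"   # optional altN- prefix
    r"(?P<system>[A-Za-z0-9-]+)"        # dashes and alphanumerics only
    r"\.(?P<tool>[a-z0-9]+)"            # tool that produced the file
    r"(?:\.(?P<export>[a-z0-9]+))?$"    # optional export file type
)


class CookbookFile(NamedTuple):
    alt: Optional[int]
    system: str
    tool: str
    export: Optional[str]

    @property
    def source_name(self) -> str:
        """Name of the source (model-as-code) file this file belongs to."""
        prefix = f"alt{self.alt}-" if self.alt is not None else ""
        return f"{prefix}{self.system}.{self.tool}"


def parse_filename(filename: str) -> Optional[CookbookFile]:
    """Split a file name into its convention parts, or None if it does not fit."""
    m = _FILENAME_RE.match(filename)
    if not m:
        return None
    alt = int(m.group("alt")) if m.group("alt") else None
    return CookbookFile(alt, m.group("system"), m.group("tool"), m.group("export"))


def check_files(filenames: Iterable[str]) -> List[str]:
    """Return one problem string per offending file, in input order."""
    filenames = list(filenames)
    present = set(filenames)
    problems: List[str] = []
    for name in filenames:
        cf = parse_filename(name)
        if cf is None:
            problems.append(
                f"{name}: does not match [altN-]system-name.tool[.exportfiletype] "
                "(no spaces; only dashes and alphanumerics in the system name)"
            )
            continue
        exports = KNOWN_TOOLS.get(cf.tool)
        if exports is None:
            problems.append(f"{name}: tool '{cf.tool}' is not in this folder's tool list")
            continue
        if cf.export is None:
            continue  # a source file: nothing more to check
        if cf.export not in exports:
            problems.append(f"{name}: '{cf.export}' is not a known export type for {cf.tool}")
        if cf.source_name not in present:
            problems.append(f"{name}: export has no matching source file {cf.source_name}")
    return problems


# Constructed sample of one top-level folder's contents (not real contributions).
SAMPLE_FILES = [
    "cryptowallet.plantuml",
    "cryptowallet.plantuml.svg",
    "alt2-cryptowallet.plantuml",
    "alt2-cryptowallet.plantuml.svg",
    "crypto wallet.plantuml",      # space in the system name
    "voting-machine.drawio.svg",   # export committed without its source
    "smart-meter.visio",           # tool the folder does not list
    "cryptowallet.plantuml.docx",  # export type plantuml does not produce
]

if __name__ == "__main__":
    for problem in check_files(SAMPLE_FILES):
        print(problem)
```

Run it on the file names of a PR (for example the output of `git diff --name-only`) before submitting; the four constructed offenders above each produce one line, and the four well-formed names produce none.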

If this sounds complicated and you just want to contribute, you can still submit a PR and we'll refactor it for you. We might add more automation and outside references in the future, so we want to keep a strict file structure.

If you'd like to discuss the structure of the project, feel free to join the discussion on OWASP Slack.

Licenses

All models in the form of textual or graphical representations are under CC-BY 4.0.

All models as code are under the Apache License 2.0.
