
stevespringett / threatmodel-sdk

Licence: other
A Java library for parsing and programmatically using threat models

Programming Languages

java
68154 projects - #9 most used programming language

Projects that are alternatives of or similar to threatmodel-sdk

dependency-check-plugin
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Stars: ✭ 107 (+57.35%)
Mutual labels:  appsec, software-security
zap-sonar-plugin
Integrates OWASP Zed Attack Proxy reports into SonarQube
Stars: ✭ 66 (-2.94%)
Mutual labels:  appsec, software-security
hakbot-origin-controller
Vendor-Neutral Security Tool Automation Controller (over REST)
Stars: ✭ 30 (-55.88%)
Mutual labels:  appsec, software-security
vulndb-data-mirror
A simple Java command-line utility to mirror the entire contents of VulnDB.
Stars: ✭ 36 (-47.06%)
Mutual labels:  appsec, software-security
awesome-policy-as-code
A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (+77.94%)
Mutual labels:  appsec
sample-scan-files
Sample scan files for testing DefectDojo imports
Stars: ✭ 60 (-11.76%)
Mutual labels:  appsec
OversecuredVulnerableiOSApp
Oversecured Vulnerable iOS App
Stars: ✭ 138 (+102.94%)
Mutual labels:  appsec
appsec-education
Presentations, training modules, and other education materials from Duo Security's Application Security team.
Stars: ✭ 59 (-13.24%)
Mutual labels:  appsec
www-project-zap
OWASP Zed Attack Proxy project landing page.
Stars: ✭ 52 (-23.53%)
Mutual labels:  appsec
awesome-security-articles
This repository contains links to awesome security articles.
Stars: ✭ 33 (-51.47%)
Mutual labels:  appsec
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+10977.94%)
Mutual labels:  appsec
www-project-code-review-guide
OWASP Code Review Guide Web Repository
Stars: ✭ 74 (+8.82%)
Mutual labels:  appsec
Resources-for-Application-Security
Some good resources for getting started with application security
Stars: ✭ 97 (+42.65%)
Mutual labels:  appsec
cryptonice
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…
Stars: ✭ 91 (+33.82%)
Mutual labels:  appsec
nodejssecurity
Documentation for Essential Node.js Security
Stars: ✭ 64 (-5.88%)
Mutual labels:  appsec
nerdbug
Full Nuclei automation script with logic explanation.
Stars: ✭ 153 (+125%)
Mutual labels:  appsec
threat-model-templates
Templates for the Microsoft Threat Modeling Tool
Stars: ✭ 73 (+7.35%)
Mutual labels:  threat-model
events
Repository of events for the Software Crafters Sydney community
Stars: ✭ 13 (-80.88%)
Mutual labels:  software-security
tutorials
Additional Resources For Securing The Stack Tutorials
Stars: ✭ 36 (-47.06%)
Mutual labels:  appsec
www-project-vulnerable-web-applications-directory
The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site
Stars: ✭ 10 (-85.29%)
Mutual labels:  appsec


ThreatModel SDK

The ThreatModel SDK is a minimalistic Java library that provides a basic vendor-neutral object model along with the ability to parse reports generated from common threat modeling tools.

Intent and Purpose

The intent of the ThreatModel SDK is to represent threat model data in a normalized way, regardless of approach, tool, or vendor. The primary purpose of the SDK is to facilitate the automation of threat model data by extracting threat intelligence from the model so that identified threats can be automatically added to a team's backlog or defect tracking system.

The goal of this project is NOT to graphically represent threat model data through user interfaces.

Supported Threat Modeling Tools

  • Microsoft Threat Modeling Tool 2016

Compiling

$ mvn clean package

Usage Example

import java.io.File;

// Threat model file to open
File file = new File("/path/to/threatmodel.tm7");

// Creates a normalized, vendor-neutral ThreatModel object
ThreatModel threatModel = ThreatModelFactory
    .parse(file, ThreatModelingTool.MICROSOFT_THREAT_MODELING_TOOL_2016);

// Threat objects can be built in either of two styles.
// `risk` is a risk value created elsewhere; it is not defined in this snippet.

// Java Bean conventions
Threat threat = new Threat();
threat.setName("XSS");
threat.setRisk(risk);

// Fluent interface
Threat fluentThreat = new Threat()
  .name("XSS")
  .risk(risk);

Maven Usage

The ThreatModel SDK is available on the Maven Central Repository.

<dependency>
    <groupId>us.springett</groupId>
    <artifactId>threatmodel-sdk</artifactId>
    <version>1.0.0</version>
</dependency>

Copyright & License

ThreatModel SDK is Copyright (c) Steve Springett. All Rights Reserved.

All other trademarks are property of their respective owners.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
