OWASP / threat-dragon

An open source threat modeling tool from OWASP
https://owasp.org/www-project-threat-dragon/
Apache License 2.0

Reinstate automated generation of threats by element #792

Closed jgadsden closed 4 months ago

jgadsden commented 1 year ago

Describe what problem your feature request solves: Version 1.x has a feature where the threats are suggested by element, for example if STRIDE:

STRIDE per element
        | S | T | R | I | D | E
ACTOR   | X |   | X |   |   |
STORE   |   | X | X | X | X |
PROCESS | X | X | X | X | X | X
FLOW    |   | X |   | X | X |

Describe the solution you'd like: Reinstate automated generation of threats by element

Additional context:
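
The STRIDE-per-element matrix in the request above, as an added JavaScript example that is not part of the issue thread or Threat Dragon's own code: it suggests one threat per applicable category for each diagram element, skipping categories an element already has a threat for and elements marked out of scope. The element shape (`type`, `threats`, `outOfScope`), the function names and the sample diagram are hypothetical.

```javascript
// Added example. Field and function names are hypothetical, not Threat Dragon's schema.
const STRIDE = {
  S: 'Spoofing', T: 'Tampering', R: 'Repudiation',
  I: 'Information disclosure', D: 'Denial of service', E: 'Elevation of privilege',
};

// The matrix from the issue: which STRIDE categories apply to each element type.
const STRIDE_PER_ELEMENT = {
  actor: 'SR',
  store: 'TRID',
  process: 'STRIDE',
  flow: 'TID',
};

// Suggest threats for one element, skipping categories it already has a threat for.
function suggestThreats(element) {
  const letters = STRIDE_PER_ELEMENT[element.type];
  if (!letters) throw new Error(`unknown element type: ${element.type}`);
  if (element.outOfScope) return []; // out-of-scope elements get no suggestions
  const covered = new Set((element.threats || []).map((t) => t.type));
  return [...letters]
    .map((letter) => STRIDE[letter])
    .filter((type) => !covered.has(type))
    .map((type) => ({
      title: `${type} threat on ${element.name}`,
      type,
      status: 'Open',
      elementId: element.id,
    }));
}

// Suggest threats for every element in a diagram.
function suggestForDiagram(diagram) {
  return diagram.elements.flatMap(suggestThreats);
}

// Constructed sample diagram.
const sampleDiagram = {
  elements: [
    { id: 'e1', type: 'actor', name: 'Browser user' },
    { id: 'e2', type: 'process', name: 'Web app', threats: [{ type: 'Tampering' }] },
    { id: 'e3', type: 'store', name: 'Database' },
    { id: 'e4', type: 'flow', name: 'HTTPS request' },
    { id: 'e5', type: 'store', name: 'Third-party CDN', outOfScope: true },
  ],
};

for (const t of suggestForDiagram(sampleDiagram)) console.log(`${t.elementId}: ${t.title}`);
```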

ryeqb commented 11 months ago

@jgadsden I'm curious, was this feature removed/deprecated in 2.x for any particular reason?

jgadsden commented 11 months ago

Well, only because we just did not have the engineering resource to implement it. Version 2.x is (almost) a complete rewrite of version 1.6.1, and some features we really wanted but could not get the time to do them - such as automated generation of threats by element. If you have some time to do this @ryeqb it would be very good to have.

ryeqb commented 11 months ago

@jgadsden I'm in the process of writing my bachelor's thesis on templating threat models for IoT architectures and having had a quick look at Microsoft's threat modeling tool, not having automated threat generation definitely stuck out. So did the existing issue of non-existent templates, given that's my thesis' goal: https://github.com/OWASP/threat-dragon/issues/220

Hope I can help tackle both issues to some degree.

jgadsden commented 11 months ago

Absolutely good to have any help you can on both these issues @ryeqb. Say if you want me to assign an issue to you. Awesome degree thesis by the way 👍🏾

jgadsden commented 9 months ago

This is a Google Summer of Code project, and the application dates for GSoC contributors are between March 18th and April 2nd

professorabhay commented 9 months ago

Hi, @jgadsden! I am interested in contributing to this issue under GSoC. I am looking for some help from you to understand the issue deeply, so that I can create an outline for the remedy. 🙂 As mentioned, the threats by element functionality is available in v1.x but not in 2.x! I tried both versions, 2.2.0 and 1.6.1. The difference I found is this:

In version 2.2.0 - image

In version 1.6.1 - image

Can you help me by providing more exposure to it, please?