northdpole / owaspwayfinder


Use GitHub's mermaid diagrams instead of graphviz #6

Open northdpole opened 2 years ago

northdpole commented 2 years ago

https://github.blog/2022-02-14-include-diagrams-markdown-files-mermaid/

kingthorin commented 1 year ago

Is mermaid rendered for GitHub pages?

northdpole commented 1 year ago

yes!

kingthorin commented 6 months ago

Got an example?

kingthorin commented 5 days ago

I was able to have an LLM come up with these options (they haven't been tested on GitHub pages):

OWASP Wayfinder Flowchart

```mermaid
flowchart TB
  OWASP_Wayfinder["OWASP Wayfinder"]

  subgraph ASVS["Application Security Verification Standard"]
    ASVS_V1["V1: Architecture, Design and Threat Modeling"]
    ASVS_V1 --> ASVS_ThreatDragon["OWASP Threat Dragon"]
    ASVS_V1 --> ASVS_Playbook["OWASP Threat Modeling Playbook"]

    ASVS_V2["V2: Authentication"]
    ASVS_V2 --> ASVS_ASVS["OWASP ASVS"]
    ASVS_V2 --> ASVS_CheatSheet["OWASP Authentication Cheat Sheet"]

    ASVS_V3["V3: Session Management"]
    ASVS_V3 --> ASVS_CheatSheet3["OWASP Cheat Sheet Series"]
    ASVS_V3 --> ASVS_CSRFGuard["OWASP CSRFGuard Project"]

    ASVS_V4["V4: Access Control"]
    ASVS_V4 --> ASVS_AppSensor["OWASP AppSensor Project"]
    ASVS_V4 --> ASVS_CheatSheet4["OWASP Cheat Sheet Series"]
  end

  subgraph SCA["Software Component Analysis"]
    SCA_Dependency["Dependency Management"]
    SCA_Dependency --> SCA_DependencyCheck["OWASP Dependency-Check"]
    SCA_Dependency --> SCA_DependencyTrack["OWASP Dependency-Track"]

    SCA_Vulnerability["Vulnerability Management"]
    SCA_Vulnerability --> SCA_ManagementGuide["OWASP Vulnerability Management Guide"]
    SCA_Vulnerability --> SCA_RiskRating["OWASP Risk Rating Methodology"]
  end

  subgraph Threat["Threat Intelligence"]
    Threat_Modeling["Threat Modeling"]
    Threat_Modeling --> Threat_ThreatDragon["OWASP Threat Dragon"]
    Threat_Modeling --> Threat_Playbook["OWASP Threat Modeling Playbook"]

    Threat_Intelligence["Threat Intelligence Gathering"]
    Threat_Intelligence --> Threat_Honeypot["OWASP Honeypot Project"]
    Threat_Intelligence --> Threat_Database["OWASP Vulnerability Database"]
  end

  subgraph Testing["Security Testing"]
    Testing_Static["Static Analysis"]
    Testing_Static --> Testing_CodeReview["OWASP Code Review Guide"]
    Testing_Static --> Testing_SourceTools["OWASP Source Code Analysis Tools"]

    Testing_Dynamic["Dynamic Analysis"]
    Testing_Dynamic --> Testing_ZAP["OWASP ZAP"]
    Testing_Dynamic --> Testing_WSTG["OWASP Web Security Testing Guide"]

    Testing_IAST["Interactive Application Security Testing"]
    Testing_IAST --> Testing_IASTProject["OWASP IAST Project"]
    Testing_IAST --> Testing_SAMM["OWASP SAMM"]
  end

  OWASP_Wayfinder --> ASVS
  OWASP_Wayfinder --> SCA
  OWASP_Wayfinder --> Threat
  OWASP_Wayfinder --> Testing
```

OWASP Wayfinder Diagram

```mermaid
mindmap
  root((OWASP Wayfinder))
    ASVS(Application Security Verification Standard)
      V1(V1: Architecture, Design and Threat Modeling)
        ThreatDragon[OWASP Threat Dragon]
        Playbook[OWASP Threat Modeling Playbook]
      V2(V2: Authentication)
        ASVS[OWASP ASVS]
        CheatSheet[OWASP Authentication Cheat Sheet]
      V3(V3: Session Management)
        CheatSheet[OWASP Cheat Sheet Series]
        CSRFGuard[OWASP CSRFGuard Project]
      V4(V4: Access Control)
        AppSensor[OWASP AppSensor Project]
        CheatSheet[OWASP Cheat Sheet Series]
    SCA(Software Component Analysis)
      Dependency(Dependency Management)
        DependencyCheck[OWASP Dependency-Check]
        DependencyTrack[OWASP Dependency-Track]
      Vulnerability(Vulnerability Management)
        ManagementGuide[OWASP Vulnerability Management Guide]
        RiskRating[OWASP Risk Rating Methodology]
    Threat(Threat Intelligence)
      Modeling(Threat Modeling)
        ThreatDragon[OWASP Threat Dragon]
        Playbook[OWASP Threat Modeling Playbook]
      Intelligence(Threat Intelligence Gathering)
        Honeypot[OWASP Honeypot Project]
        Database[OWASP Vulnerability Database]
    Testing(Security Testing)
      Static(Static Analysis)
        CodeReview[OWASP Code Review Guide]
        SourceTools[OWASP Source Code Analysis Tools]
      Dynamic(Dynamic Analysis)
        ZAP[OWASP ZAP]
        WSTG[OWASP Web Security Testing Guide]
      IAST(Interactive Application Security Testing)
        IASTProject[OWASP IAST Project]
        SAMM[OWASP SAMM]
```

OWASP Wayfinder Diagram

```mermaid
mindmap
  root((OWASP Wayfinder))
    ASVS(Application Security Verification Standard)
      V1(V1: Architecture, Design and Threat Modeling)
        ThreatDragon("OWASP Threat Dragon")
        Playbook("OWASP Threat Modeling Playbook")
      V2(V2: Authentication)
        ASVS("OWASP ASVS")
        CheatSheet("OWASP Authentication Cheat Sheet")
      V3(V3: Session Management)
        CheatSheet("OWASP Cheat Sheet Series")
        CSRFGuard("OWASP CSRFGuard Project")
      V4(V4: Access Control)
        AppSensor("OWASP AppSensor Project")
        CheatSheet("OWASP Cheat Sheet Series")
    SCA(Software Component Analysis)
      Dependency(Dependency Management)
        DependencyCheck("OWASP Dependency-Check")
        DependencyTrack("OWASP Dependency-Track")
      Vulnerability(Vulnerability Management)
        ManagementGuide("OWASP Vulnerability Management Guide")
        RiskRating("OWASP Risk Rating Methodology")
    Threat(Threat Intelligence)
      Modeling(Threat Modeling)
        ThreatDragon("OWASP Threat Dragon")
        Playbook("OWASP Threat Modeling Playbook")
      Intelligence(Threat Intelligence Gathering)
        Honeypot("OWASP Honeypot Project")
        Database("OWASP Vulnerability Database")
    Testing(Security Testing)
      Static(Static Analysis)
        CodeReview("OWASP Code Review Guide")
        SourceTools("OWASP Source Code Analysis Tools")
      Dynamic(Dynamic Analysis)
        ZAP("OWASP ZAP")
        WSTG("OWASP Web Security Testing Guide")
      IAST(Interactive Application Security Testing)
        IASTProject("OWASP IAST Project")
        SAMM("OWASP SAMM")
```

Not sure I really like any of them, but at least it gives an idea of the possibilities. Also FYI I discovered that GitHub Mermaid syntax doesn't support CSS styling although Mermaid itself does.
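Added example, not part of the thread above and not code from the owaspwayfinder repository: the hand-written flowchart in the previous comment can be produced from a data structure instead, which is how a graphviz-based generator would usually be swapped for a Mermaid one. The script below takes an assumed section -> topic -> projects dict (the `WAYFINDER` sample is a constructed subset of the hierarchy posted above, not the project's real data format), derives a Mermaid-safe identifier for every node from its full path, and quotes labels so that punctuation in a project name cannot break the diagram syntax. Deriving ids from the path also means a project listed under two topics (the Cheat Sheet Series above) gets two separate nodes instead of one node that collects edges from everywhere.

```python
import re

# Constructed sample input: a subset of the OWASP Wayfinder hierarchy from the
# flowchart above, as section -> topic -> [OWASP projects]. The shape is an
# assumption for this example, not the repository's own data format.
WAYFINDER = {
    "Application Security Verification Standard": {
        "V1: Architecture, Design and Threat Modeling": [
            "OWASP Threat Dragon", "OWASP Threat Modeling Playbook"],
        "V3: Session Management": [
            "OWASP Cheat Sheet Series", "OWASP CSRFGuard Project"],
    },
    "Security Testing": {
        "Dynamic Analysis": ["OWASP ZAP", "OWASP Web Security Testing Guide"],
        "Static Analysis": ["OWASP Code Review Guide", "OWASP Cheat Sheet Series"],
    },
}


def node_id(*parts):
    """Derive a Mermaid-safe identifier from one or more label strings.

    Only ASCII alphanumerics and underscores survive; the 'n_' prefix keeps the id
    from starting with a digit or colliding with a Mermaid keyword such as 'end'.
    """
    raw = "_".join(parts)
    return "n_" + re.sub(r"[^A-Za-z0-9]+", "_", raw).strip("_")


def label(text):
    """Quote a node label for Mermaid.

    Double quotes inside the text are replaced with the #quot; entity that Mermaid
    documents for escaping, so arbitrary project names cannot terminate the label.
    """
    return '"' + text.replace('"', "#quot;") + '"'


def to_mermaid(tree, root="OWASP Wayfinder"):
    """Render a section -> topic -> projects dict as a Mermaid 'flowchart TB'.

    One subgraph is emitted per section and an edge from the root to each subgraph.
    Node ids are derived from the full path, so the same project under two topics
    becomes two distinct nodes. A duplicate path (the same project listed twice
    under one topic) is rejected rather than silently producing a repeated edge.
    """
    root_id = node_id(root)
    lines = ["flowchart TB", f"  {root_id}[{label(root)}]"]
    seen = set()
    for section, topics in tree.items():
        sg = node_id("sg", section)
        lines.append(f"  subgraph {sg}[{label(section)}]")
        for topic, projects in topics.items():
            t_id = node_id(section, topic)
            lines.append(f"    {t_id}[{label(topic)}]")
            for proj in projects:
                p_id = node_id(section, topic, proj)
                if p_id in seen:
                    raise ValueError(f"duplicate node id {p_id}")
                seen.add(p_id)
                lines.append(f"    {t_id} --> {p_id}[{label(proj)}]")
        lines.append("  end")
        lines.append(f"  {root_id} --> {sg}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Paste the output into a ```mermaid fence in a Markdown file to render it.
    print(to_mermaid(WAYFINDER))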

northdpole commented 1 day ago

Excellent idea! Let me see what is possible!
