Skip to content

A Threat generation module that can leverage software requirements to generate threats.

License

Notifications You must be signed in to change notification settings

secdec/threat-vector-questionnaire

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 

Repository files navigation

tv-logo

Summary

The Threat-Vector-Questionnaire is an interactive GUI used to capture architectural knowledge. This functionality provides developers with an interactive and easy to use GUI to capture design knowledge (security patterns as well as technical design decisions) regarding the security architecture of an application. The goal is to develop a threat generation module that can leverage software requirements to generate security threats.

How it Works

To achieve this goal, we developed a requirements analysis and reasoning module. The Threat-Vector-Questionnaire uses advanced natural language processing techniques (NLP) to identify requirements with security implications. This capability works with a list of requirements stored in a csv file. It then automatically identifies security related requirements and based on them generates a set of threats relevant to the application.

Details

Java Spring Web Application

The web application does not support Internet Explorer.

Installation

Detailed instructions

For Developers & Contributors

Build Instructions

  1. Clone Threat-Vector-Questionnaire -https://github.com/secdec/threat-vector-questionnaire.git
  2. Build from Source Instructions

License

Licensed under the Apache-2.0 License.

About

A Threat generation module that can leverage software requirements to generate threats.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published