Security/Mentorships/MWoS/2014/online threat modeling tool: Difference between revisions

From MozillaWiki
< Security‎ | Mentorships‎ | MWoS‎ | 2014
Jump to navigation Jump to search
No edit summary
Line 25: Line 25:
* Create Graph drawing interface
* Create Graph drawing interface
* Save/Export Graphs
* Save/Export Graphs
* Analyze STRIDE elements and create reports
* Analyze STRIDE interactions and generate reports for end-user
* Documentation
* Documentation


Revision as of 16:00, 2 August 2014

Team

Introduction

We are a team of student web developers from Halifax, Canada who love clean code. We are working on a web-based threat modelling tool called SeaSponge.

Members

  • Mathew Kallada
  • Glavin Wiechert
  • Joel Kuntz
  • Sarah MacDonald
  • Professor: Dr. Pawan Lingras
  • Mozilla Advisor: Curtis Koenig

Project

Description

Threat modelling is an important part of designing an application, and a threat model diagram is a very useful way to document the threats that apply to your application. Unfortunately there are a very limited number of threat modelling tools available, and most of those are restricted to specific platforms. This project is to create an online HTML5 application which will allow the user to easily create threat model diagrams online. It should be very easy to use, and allow the diagrams to be exported in the most common image formats. The graphical elements of the Microsoft Threat Modeling tool are a good example of the type of functionality required.

Scope

Success Criteria

  • Build a fully-fledged web-based client-side tool for designing software architectures
  • Analyze element interactions based on STRIDE attributes and generate security vulnerability reports
  • The tool should have a comparable amount of features and functionality to the Microsoft Threat Modelling Tool.
  • The tool should have well-bred documentation so that people can start using it.

Milestones

  • Create Graph drawing interface
  • Save/Export Graphs
  • Analyze STRIDE interactions and generate reports for end-user
  • Documentation

Updates

Group Meeting: July 31, 2014

Current Work
  • -
Blocking points
  • -
Discussion Points
  • Welcome to MWoS
  • Forms + Setup
  • Where to learn more about threat modeling (Book, Microsoft Videos)
Upcoming Work
  • Investigate Libraries to use
  • Sign Forms + Join Wiki
  • Decide Name for Project
  • Create Team Introduction

References

  1. Threat Modeling Tool Principles
  2. Threat Threat Modeling (Microsoft Book)
Retrieved from "https://wiki.allizom.org/index.php?title=Security/Mentorships/MWoS/2014/online_threat_modeling_tool&oldid=1001958"