Security/Mentorships/MWoS/2014/online threat modeling tool
Team
Introduction
We are a team of student web developers from Halifax, Canada who love clean code. We are working on a web-based threat modelling tool called SeaSponge.
Members
- Mathew Kallada
- Glavin Wiechert
- Joel Kuntz
- Sarah MacDonald
- Professor: Dr. Pawan Lingras
- Mozilla Advisor: Curtis Koenig
Project
Description
Threat modelling is an important part of designing an application, and a threat model diagram is a very useful way to document the threats that apply to your application. Unfortunately there are a very limited number of threat modelling tools available, and most of those are restricted to specific platforms. This project is to create an online HTML5 application which will allow the user to easily create threat model diagrams online. It should be very easy to use, and allow the diagrams to be exported in the most common image formats. The graphical elements of the Microsoft Threat Modeling tool are a good example of the type of functionality required.
Scope
Success Criteria
- Build a fully-fledged web-based client-side tool for designing software architectures
- Analyze element interactions based on STRIDE attributes and generate security vulnerability reports
- The tool should have a comparable amount of features and functionality to the Microsoft Threat Modelling Tool.
- The tool should have well-bred documentation so that people can start using it.
Milestones
- Create Graph drawing interface
- Save/Export Graphs
- Analyze STRIDE elements and create reports
- Documentation
Updates
Group Meeting: July 31, 2014
Current Work
- -
Blocking points
- -
Discussion Points
- Welcome to MWoS
- Forms + Setup
- Where to learn more about threat modeling (Book, Microsoft Videos)
Upcoming Work
- Investigate Libraries to use
- Sign Forms + Join Wiki
- Decide Name for Project
- Create Team Introduction