The Threat-Vector-Questionnaire is an interactive GUI used to capture architectural knowledge. This functionality provides developers with an interactive and easy to use GUI to capture design knowledge (security patterns as well as technical design decisions) regarding the security architecture of an application. The goal is to develop a threat generation module that can leverage software requirements to generate security threats.
To achieve this goal, we developed a requirements analysis and reasoning module. The Threat-Vector-Questionnaire uses advanced natural language processing techniques (NLP) to identify requirements with security implications. This capability works with a list of requirements stored in a csv file. It then automatically identifies security related requirements and based on them generates a set of threats relevant to the application.
Java Spring Web Application
The web application does not support Internet Explorer.
- Clone Threat-Vector-Questionnaire -https://github.com/secdec/threat-vector-questionnaire.git
- Build from Source Instructions
Licensed under the Apache-2.0 License.