diff --git a/README.md b/README.md
index 51aeb4e..9864b3f 100644
--- a/README.md
+++ b/README.md
@@ -48,8 +48,6 @@ These are just a few ideas.
 * materialize_threats python module
 * Parse [draw.io](https://github.com/jgraph/drawio-desktop/releases) data flow diagrams into graph representation (nodes, edges) stored in a RDBMS (sqlite in this demo)
 * SQL (ORM) implementation of [Rapid Threat Model Prototyping methodology](https://github.com/geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs) used to generate threat classes
-* (Optional) Minimal Draw.io shape library (dfd-materialize.xml)
- * Tag trust zones more easily
 * [Gherkin](https://cucumber.io/docs/gherkin/) + [STRIDE](https://en.wikipedia.org/wiki/STRIDE_(security)) test plan/feature file generator

 # :wrench: How do I use it?
@@ -57,7 +55,7 @@ These are just a few ideas.
 ![](samples/bookface.gif)

 ## 1. Creating the diagram
-* Use [draw.io](https://github.com/jgraph/drawio-desktop/releases) with the built-in threat modeling shape set, or use ours
+* Use [draw.io](https://github.com/jgraph/drawio-desktop/releases) with the built-in Threat Modeling Shape Library
 * Create a data flow diagram using some guidelines
 * Use processes between entities to describe flows
 * Example: [Entity: Browser] --> (Process: Login) ----> [Entity: API]
diff --git a/dfd-materialize.xml b/dfd-materialize.xml
deleted file mode 100644
index 7f8587a..0000000
--- a/dfd-materialize.xml
+++ /dev/null
@@ -1 +0,0 @@ -[{"xml":"dVFLDoMgED0Ne4SkB6i1rpoumh4AdSI0KAanVW9fEKya1MUkM2/emy/haTPmVnTyZirQhGeEp9YYDF4zpqA1YVRVhF8IY9QZYdeDbDJnaScstPhH8OzB3osXlOhYOHUQOI6scApaLQo/hoezDbx0YD7cN+9x0rGQNe+2Ak+lhJ8HqRAenSh9dnA7Okxi46snzg2FP2ARxsPxk02/HEwDaN1EdFAVysiIK1IJqpZRdoqY6ENc/6TrMZwTd1jCzXkWaH3FTN996gs=","w":120,"h":60,"aspect":"fixed","title":"Entity"},{"xml":"dVHBDoIwDP2a3WG7eBaUk9HE+AEDqpsZbtkagb+3c6KQyGFJ+/ra19cxUXRD5aVTB9uCYWLHROGtxRR1QwHGMJ7plomScZ7RY3y/Us3f1cxJDw/803AJ4I/1HRokFo4OEsd520AIqdnIOu4R8dMcnzR4TJfyAUfzGUWAdoGSba80wtnJJlZ6ckiYwi6OzimUwcU1RHnVA9DobVJ5gkcYVt3kM/EKbAfoR6L0ukWVGJtkOFOgbwqXmAwpv307f6eh4ONnSmfHmqDfx7zpi397AQ==","w":80,"h":80,"aspect":"fixed","title":"Process"},{"xml":"dVHRbsMgDPwa3gmR9gFLuz5Nk1btA9zGDUxOiMBakr+vCWRttfUB6c532IdRddPPhwCjffctkqr3qm6C95xRPzdIpIx2rap3yhgtR5m3J2q1qnqEgAP/c+ErYvg4feOZxcXLiNnTAoMUIvuAuQPBKYVJ4u6PuE0ziT4GibxQaRotrP0lDDugTxkKQ5fU18k6xuMI56RP8nipWe7TwEog4SWF1wKD6+yGL46o8eSD8MEPqVHO84OBcX66geou5gF9jxwWsUyuZVscZUvaYpkn9KXUIGbe/V697VNAefpG7za8lW6/udofPvsK","w":120,"h":60,"aspect":"fixed","title":"Data Store"},{"xml":"dVJNT4QwEP01vUOrm70K6p6MB6MHb4XO0uqUklIF/PVOobiQuIcm0/fefA8TpR1PXnb6ySlAJh6YKL1zYbHsWAIi45lRTNwzzjN6jD9eYfOZzTrpoQ3/OLz24J+rD6gDqcLUwaIJ/quPyI9rYYmAsorFRPI9S0FR1qAdKvD9LlsrbYrzJr2RFaYYa1E8fvf19mHCNTeMVGmhg435cjL74N0nlA6dnyXiyCtxOBBzNogbXN3CUd0QLtE0LWE1dQ1EFt/gg6kl3iXCGqViwmLQJsBLR50QOtDYCXOkPqMbCNGkA3Iolg5iGBivjjbfNHYCZyH4iSSDUUEvCpFmp8E0OnmljWQyTbH587zsiYw0q/W72dwKXa5klu+O6Bc=","w":30,"h":20,"aspect":"fixed","title":"Trust Zone Label"},{"xml":"jVJbjsIwDDxN/kOiPQCULV8rcYWo8TaR0ho5Btrbr9W00GpBIlIkezwzdh7KVt1wIncJP+ghKfutbEWIXKJuqCAlZXT0yh6VMVq2MvWb6m6q6osj6PkTgSmCm0tXKEgBMo9pBqD3eyK8S9Ykl3NslD0E7mTW407CX+y5woQ00W1dW1mCFyPwLbydbYLmwU6AHTCNQrlHz6Ewvsr4OkBsA28xguQ43rb2Lpe0fdg9OpwxSmOjx63Nosh4pQZm0vrKFt3wWseOWuB/OglWh3pC0wMs6fOhC339D/4A","w":50,"h":50,"aspect":"fixed","title":"Data 
Flow"},{"xml":"jVJbjsIwDDxN/kMiDsCWLV9IXCFqvE2ktEaOgfb2azUttGKRNlIke+wZPxJlq244kbuGM3pIyn4rWxEiF6sbKkhJGR29skdljJarTP0hupui+uoIev4PwRTC3aUbFKQAmcc0A9D7AxE+xGuSyzk2yn5ldsTvcOBORjjuxPzBnitMSJOKrWsrR/CiD76Fjy1P0NzvCbADplFSHtFzKBn7MpUOENvAW4wgOY73rbzLxW2fcs8KF4xS2OhxK7MwMt6ogTlpvcmFN/zNkwW1wG88MVZDvaDpXRb39f4lff09fgE=","w":50,"h":50,"aspect":"fixed","title":"Bidirectional Data Flow"}] \ No newline at end of file