Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate a Data Flow Diagram (DFD), a Sequence Diagram and, most important of all, threats to your system.

Dot and PlantUML.

When the --dfd argument is passed to the above file, it writes its output to stdout, which is fed to Graphviz’s dot to generate the Data Flow Diagram: --dfd | dot -Tpng -o sample.png

Generates this diagram:

The following command generates a Sequence Diagram: --seq | java -Djava.awt.headless=true -jar plantuml.jar -tpng -pipe > seq.png

Generates this diagram:

The diagrams and findings can be included in the template to create a final report: --report docs/ | pandoc -f markdown -t html > report.html

The templating format used in the report template is very simple:

```
# Threat Model Sample

## System Description


## Dataflow Diagram

![Level 0 DFD](dfd.png)

## Dataflows

Name|From|To |Data|Protocol|Port

## Findings

{findings:repeat:* {{item.description}} on element "{{}}"
```
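To show how a `{findings:repeat:...}` field like the one in the template expands into one report line per finding, here is a minimal renderer built on Python's standard `string.Formatter`. It is an added example, not pytm's own code; the `Finding` class, its `element` attribute (the template above leaves that placeholder empty) and the sample findings are assumptions constructed for illustration.

```python
import string
from dataclasses import dataclass


@dataclass
class Finding:
    """Constructed stand-in for one threat finding (not pytm's class)."""
    description: str
    element: str  # hypothetical attribute; the page's template leaves this field empty


class RepeatFormatter(string.Formatter):
    """Expands {name:repeat:<row>} by formatting <row> once per item."""

    def format_field(self, value, spec):
        if spec.startswith("repeat:"):
            # string.Formatter has already collapsed the doubled braces in the
            # spec to single ones, so the row is an ordinary format string
            # that refers to the loop variable `item`.
            row = spec.partition(":")[2]
            return "".join(self.format(row, item=item) for item in value)
        return super().format_field(value, spec)


# Constructed template in the same style as the report template above.
TEMPLATE = (
    "## Findings\n\n"
    '{findings:repeat:* {{item.description}} on element "{{item.element}}"\n}'
)

# Constructed sample findings.
SAMPLE = [
    Finding("Data flow is not encrypted", "User enters comments"),
    Finding("Datastore lacks access control", "SQL Database"),
]


def render(template, findings):
    """Return the report text with the repeat block expanded."""
    return RepeatFormatter().format(template, findings=findings)


if __name__ == "__main__":
    print(render(TEMPLATE, SAMPLE))
```

Finding text is substituted as a value and is not parsed again as a template, so braces inside a description do not trigger further expansion.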
