A Pythonic framework for threat modeling
prerequisites
and likelihood
to Threat by @raphaelahrens in https://github.com/izar/pytm/pull/241
Full Changelog: https://github.com/izar/pytm/compare/v1.3.0...v1.3.1
Full Changelog: https://github.com/izar/pytm/compare/v1.2.0...v1.3.0
In this release, we are aiming at clearer reports and some more data-oriented facilities.
usesLatestTLSversion
with minTLSVersion
in assets and tlsVersion
in data flows #123
data
attribute of elements is initialied with a string, convert it to a Data
object with undefined
as name and the string as description; change the default classification from PUBLIC
to UNKNOWN
#148
checksDestinationRevocation
attribute to account for certificate revocation checks #109
Datastore
that has isEncryptedAtRest
set and a Data
that has isStored
set #141
Data Leak
threat so it does not always match #139
provideIntegrity
attribute in Actor
and Asset
classes #116
HandlesResources
attribute from the Process
class, which duplicates handlesResources
Dataflow.dstPort
attribute value from 10000
to -1
TM.onDuplicates
#100TM.ignoreUnused
is True #84TM.mergeResponses
is True; allow marking Dataflow
as responses #76TM.isOrdered
is True #66TM.threatsFile
#68