threat-modeling

Here are 77 public repositories matching this topic...

colesmj commented Oct 21, 2018

"AA03": {
    "description": "Weakness in SSO Authorization",
    "source": (Process, Element),
    "target": (Process, Server),
    "condition": "target.implementsAuthenticationScheme is False",
},

What if the Process implements BasicAuth or uses mutual TLS (neither of which is SSO)?
If the Process uses SAML or OAuth, then maybe.
Maybe authenticationScheme as a string var is neces

ChristophNiehoff commented Oct 29, 2021

After every player has passed, but before a new card has been drawn, the "Remove Threat" button is still clickable.
The UI suggests that everything is ok, but the threat does not get removed in this corner case.

I believe it is due to

if (hasPlayerPassed(G, ctx) || (threat.owner !== ctx.playerID)) {
  return INVALID_MOVE;
}

in deleteThreats() in moves.js. One is still at
