# Sample data-flow model for threat modeling: three assets, four elements,
# three trust boundaries and the three data-flows between the elements.
# The inline comment on the first occurrence of each key lists the values
# the tool accepts for it.
# NOTE(review): item ids are written as a bare `- id` line followed by the
# item's attributes; that layout is not what a generic YAML loader expects,
# so the tool's own loader presumably handles it — confirm before pointing
# a standard YAML linter or loader at this file.
name: Advanced Data Flow for Threat Modeling
version: 1.0.1
# Data assets that move through the system, each with a sensitivity class.
assets:
  - personal-data
    sensitivity: sensitive
    description: name, email  # Any string. Description of the asset to be viewed in the report
  - image-file
    sensitivity: sensitive
  - comments
    sensitivity: non-sensitive
# Components of the system. Each element lists which assets it produces,
# processes or stores.
elements:
  - legitimate-user
    name: User  # Element's name to be viewed in the report
    type: interactor  # Setting element type explicitly. Values: interactor, proxy-server, web-server, database, external-service, internal-service, process
    # The user is the origin of all three assets.
    produced-assets:
      - personal-data
      - image-file
      - comments
  - proxy-server
    name: Proxy Server
    type: proxy-server
    processed-assets:
      - personal-data
      - image-file
      - comments
  - web-server
    name: API Server
    type: web-server
    processed-assets:
      - personal-data
      - image-file
      - comments
  - database
    name: PostgreSQL
    type: database
    # The database is the only element that stores (persists) the assets.
    stored-assets:
      - personal-data
      - image-file
      - comments
# Trust boundaries. Each of the four elements is placed in exactly one.
boundaries:
  - dmz
    category: demilitarized-zone  # Setting boundary type. Values: global-network, demilitarized-zone, corporate-network, closed-perimeter
    elements:
      - proxy-server
  - internal-network
    category: closed-perimeter
    elements:
      - web-server
      - database
  - internet
    category: global-network
    elements:
      - legitimate-user
# Data flows, keyed as `source -> destination`. Every flow carries all three
# assets. The first two flows cross a trust boundary (internet -> dmz, then
# dmz -> internal-network); the third stays inside internal-network.
data-flows:
  - legitimate-user -> proxy-server
    title: Users Request  # Data flow description or name to be viewed in the report
    authentication-method: openid  # Authentication type of the source at the destination. Values: anonymous, credentials, basic, digest, openid, ldap, ntlm, kerberos, certificate, saml, bearer, s3, radius
    authorization: read-write  # Permission level the source has at the destination. Values: read, read-write, admin
    account-management: external-sso  # Who is responsible for the source's account at the destination. Values: external-sso, local-account, active-directory
    # Values: yes, no. NOTE(review): a YAML 1.1 loader turns yes/no into booleans;
    # presumably the tool accepts that — verify before quoting these values.
    encryption: yes
    transferred-assets:
      - personal-data
      - image-file
      - comments
  - proxy-server -> web-server
    title: Request to WebServer
    authentication-method: certificate
    authorization: read-write
    # NOTE(review): certificate authentication combined with encryption: no is an
    # unusual pairing (certificate auth is normally done inside a TLS handshake),
    # and this hop carries the sensitive assets across the dmz -> internal-network
    # boundary in the clear. Presumably modelled on purpose so the report flags
    # it — confirm. This is also the only flow without an account-management key.
    encryption: no
    transferred-assets:
      - personal-data
      - image-file
      - comments
  - web-server -> database
    title: Database query
    authentication-method: credentials
    # NOTE(review): the API server is modelled with admin rights on the database,
    # a locally managed account and an unencrypted link. If that is not deliberate
    # for this sample, read-write is the least-privilege choice for an application
    # account.
    authorization: admin
    encryption: no
    account-management: local-account
    transferred-assets:
      - personal-data
      - image-file
      - comments