![]() ![]() Marco, I suspect you're comparing two similarly-named but separate and distinct products: I merge information provided by tools (v.3 and v.2.1) to generate the final reportĭo you agree with my approach? Is it correct? I use the version 2.1 to generate specific threats reportĮ. ![]() I use the previous information into version 2.1 to refine the threats categories and to obtain specific threats for my applicationĭ. I use the STRIDE model to identify the threats categoriesĬ. I use the version 3 beta to model system at high level (components, interactions, functions) with DFDī. To generate a complete threats report for the application, I try this approach:Ī. Are you planning to add it in the next version?ģ. The version 2.1 contains a wide threats library but it is not appear in version 3 beta. The DFD is the new approach that you will adopt for the future?Ģ. The version 2.1 not contains DFD and it models system at low level. The version 3 beta uses DFD to model system components and interactions at high level. I'm using the Threat Modeling tools (version 2.1 and 3 beta) and I have some questions:ġ.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |