You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
All of those threat asciidoc files are generated empty - and do also NOT overwrite existing files
so normally ignored by git and also when used as includes inside asciidoc
in sttk_config.adoc all identifiers are available as variables:
sttk_name_my_webapplication="My Webapplication"
sttk_desc_my_webapplication="Description of web application..."
sttk_stride_desc_r_xyz=...default_parts to describe a problem, so reusable...
When developer edits
/sttk/stride/asciidoc/my_webapplication/s.adoc
he/she will be able to write
So after a new generation, all files are available.
We need a stride.adoc file which is generated and includes all files from sttk/stride/asciidoc subfolders
(when empty they will be ignored by asciidoc)
The text was updated successfully, but these errors were encountered:
UNDER CONSTRUCTION:
Stride proposal files (empty) + description asciidoc files having includes
With the information from sttk model, we know which parts of model do correspond to which part of S T R I D E
see https://en.wikipedia.org/wiki/STRIDE_(security)
So we can generate for each of the
dedicated, but empty asciidoc files
Example 1
sttk/common/asciidoc/common_sttk_config.adoc
/sttk/stride/asciidoc/my_webapplication/spoofing.adoc
/sttk/stride/asciidoc/my_webapplication/tampering.adoc
/sttk/stride/asciidoc/my_webapplication/repuiation.adoc
/sttk/stride/asciidoc/my_webapplication/information_disclosure.adoc
Example 2
sttk/stride/threat/spoofing-description.adoc
sttk/stride/threat/tampering-description.adoc
sttk/stride/threat/spoofing/my_webbaplication_integrity.adoc
sttk/stride/threat/tampering/my_webbaplication_authenticity.adoc
...
All of those threat asciidoc files are generated empty - and do also NOT overwrite existing files
so normally ignored by git and also when used as includes inside asciidoc
in sttk_config.adoc all identifiers are available as variables:
sttk_name_my_webapplication="My Webapplication"
sttk_desc_my_webapplication="Description of web application..."
sttk_stride_desc_r_xyz=...default_parts to describe a problem, so reusable...
When developer edits
/sttk/stride/asciidoc/my_webapplication/s.adoc
he/she will be able to write
=== {sttk_name_my_webapplication}
sttk_desc_my_webapplication
sttk_stride_desc_r_xyz
So after a new generation, all files are available.
We need a stride.adoc file which is generated and includes all files from sttk/stride/asciidoc subfolders
(when empty they will be ignored by asciidoc)
The text was updated successfully, but these errors were encountered: