Abstract

pytm is a Pythonic framework for threat modeling. Developers can define their system in Python code as a collection of objects and annotate them with properties. Security practitioners can add threats to the “Threats” object (see https://github.com/izar/pytm/blob/master/pytm/threats.py). The logic lives in the “condition” of the “Threats” object, where members of target can be logically evaluated. If the “condition” returns a “True”, that means the rule found a potential threat. More details at https://github.com/izar/pytm

Usage: tm.py [-h] [–debug] [–resolve] [–dfd] [–report] [–all] [–exclude EXCLUDE] [–seq]

optional arguments: -h, –help show this help message and exit
–debug print debug messages
–resolve identify threats
–dfd output DFD (default)
–report output report
–all output everything
–exclude EXCLUDE specify threat IDs to be ignored
–seq output sequential diagram