Example Rundown
This is a detailed explanation of an example of a Project in ThreatPlaybook
- Install mermaidJS and mermaidCLI globally:
- Create a virtualenv with Python 2.7.x
- Install the dependencies for the example with `pip install -r requirements.txt`
- Install the vulnerable Flask app with `docker pull abhaybhargav/vul_flask`
- In the robot file, make sure you edit the ZAP-specific variables to match your ZAP deployment. This includes:
  - Path to the zap.sh executable. You don't need to include the sh file in the path, only its directory.
  - Port that ZAP runs on. Mine runs on port 8090. Please feel free to change it.
- Install the "Export Report" add-on in ZAP
- For this example, you will also need nmap installed on the machine you are running it on
The example gives you a perspective of how you can use ThreatPlaybook.
The app that I am using to test ThreatPlaybook is a simple REST API, running in a Docker container. It can be pulled with `docker pull abhaybhargav/vul_flask`
All of the relevant tests, yaml files, etc. are in the `Simple-API` directory:
- User Stories -> Abuse Cases -> Threat Scenarios are individually available as yml files in the `cases` directory
- Security Tests are in the YML file in the `security_tests` directory
- Entities and connections are in the yml file in the `entities` directory
Once you are done with installation, all you have to do is cd into the Simple-API directory, run `robot SecurityTest.robot`, and watch the results.
All the results are written into the `results` directory, including Report.md, which is the final Markdown report.
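Before running the robot file it is worth confirming that every prerequisite listed above is actually in place, since a missing zap.sh path, a wrong port or a missing tool only surfaces as a failed test run. The following pre-flight script is an added example, not part of ThreatPlaybook or the Simple-API directory; it assumes two hypothetical environment variables, ZAP_HOME (the directory containing zap.sh, the same value the robot file expects) and ZAP_PORT (defaulting to the 8090 used in this walkthrough), and runs its checks when saved and executed as preflight.sh.

```shell
#!/bin/sh
# Pre-flight check for the Simple-API example. Added example, not part of
# ThreatPlaybook. Assumed (hypothetical) environment variables:
#   ZAP_HOME  directory that holds zap.sh (directory only, no script name)
#   ZAP_PORT  port the ZAP API listens on (this walkthrough uses 8090)

# 0 if "$1" is a directory holding an executable zap.sh, 1 otherwise.
zap_home_ok() {
    [ -d "$1" ] && [ -x "$1/zap.sh" ]
}

# 0 if the command named "$1" is on PATH, 1 otherwise.
tool_present() {
    command -v "$1" >/dev/null 2>&1
}

# 0 if "$1" is an integer in the TCP port range 1..65535, 1 otherwise.
port_valid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# 0 if the Docker image "$1" has already been pulled locally, 1 otherwise.
image_pulled() {
    docker image inspect "$1" >/dev/null 2>&1
}

# Runs every check, prints what is missing; exit status is the failure count.
preflight() {
    fails=0
    zap_home_ok "${ZAP_HOME:-}" \
        || { echo "FAIL: no executable zap.sh in ZAP_HOME='${ZAP_HOME:-}'"; fails=$((fails+1)); }
    port_valid "${ZAP_PORT:-8090}" \
        || { echo "FAIL: ZAP_PORT='${ZAP_PORT:-}' is not a valid TCP port"; fails=$((fails+1)); }
    for tool in nmap docker robot; do
        tool_present "$tool" || { echo "FAIL: $tool is not on PATH"; fails=$((fails+1)); }
    done
    image_pulled abhaybhargav/vul_flask \
        || { echo "FAIL: image missing, run: docker pull abhaybhargav/vul_flask"; fails=$((fails+1)); }
    [ "$fails" -eq 0 ] && echo "OK: ready to run 'robot SecurityTest.robot'"
    return "$fails"
}

# Only run the checks when executed directly as preflight.sh (not when sourced).
case "${0##*/}" in preflight.sh) preflight ;; esac
```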