Resources for following the live threat modeling session on Feb. 15th, 2023, as part of the open security summit.
We'll use VSCode to create the diagrams using graphviz. Of course you can use any text editor for this, but there are nice plugins which allow you to see in real time the model, as you're editing.
To create C4model diagrams using graphviz, you need to install the Graphviz Preview marketplace plugin in VSCode
dot.json helps you have VS Code shortcuts when editing .dot or .gv files. Choose File->Preferences->User Snippets and select dot.json from the list. You can then insert the contents of the dot.json file here.
Now that you're setup, here you can find the artifacts needed for the workshop:
- forderly_context.gv is the source code for the context (high-level) diagram
- forderly_container.gv is the source code for the container diagram
- All icons used for the diagram are located in images
- Report.md contains an exemplary report upon which we'll work during the workshop
- The folder msmtm contains files created using Microsoft's Threat Modeling Tool
- grade-context.gv is the source code for the context diagram of the grading system kata
- grade-container.gv is the source code for the container diagram created for the grading system kata