RTMP is a threat modelling technique that decreases the time to make a threat model by focusing on getting the Access Control issues sorted first (Elevation of privilege in STRIDE). It uses STRIDE as its main description language but allows for integration with CWE and OWASP Top 10.
https://github.com/geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs
RTMP allows a practioner to add metadata describing the threats and mitigations directly to software diagrams, speeding up the whole threat modeling process. This is done through 11 simple steps which can be repeated across all sizes of projects.
RTMP also outlines how to properly integrate these steps into Agile workstreams and how to best use the outputs of a threat model (Threats & Mitigations).
- added Video: [ISO/SAE 21434 by Example](https://youtu.be/3LsNx-ljIK8?t=1180)
- added example: [ISO/SAE 21434 Annex G Example in YAKINDU Security Analyst](https://github.com/Yakindu/YSA-examples)
- added paid tool: [YAKINDU Security Analyst](https://www.itemis.com/de/yakindu/security-analyst/) - YAKINDU Security Analyst is a model-based software tool for threat analysis and risk assessment of technical systems. With Security Analyst you can identify your protection needs, analyze possible threats and calculate the resulting risks. The underlying assessment model and calculation logic are highly customizable and can be integrated into existing toolchains.
disclaimer: I'm a developer of it and speaker in that talk
* added read-me
* revoked the travis error
* added the appseco link
* Updated `Rvm`
* updated flag
* updated the url
* updated the old
* updated the flags
* updated the broken links
* added the course
* updated Readme
* Add practical devsecops logo and update readme.md
Co-authored-by: Mohammed A Imran <secfigo@gmail.com>
Mohammed A Imran
Tutamantic
Izar Tarandach
Robert
owangen
DiabloHorn
Izar Tarandach
Peter Thaleikis
joshua_jebaraj
abstraktor
Jon Gadsden
izar