Dear Sir,
I am trying to integrate Fortify SCA Plugin with Visual Studio 2010 or 2013 Professional Edition.
I am not able to find the HP Fortify plugin installer anywhere. Would you please provide me the link source for Plugin that can be integrated with visual studio 2010 or 2013.
Also give me instruction sheet to integrate the plugin with studio to scan my application.
Thanks in advance.
Hello,
I'm using the Threat Modeling tools (version 2.1 and 3 beta) and I have some questions:
1. The two versions appear quite different. The version 3 beta uses DFD to model system components and interactions at high level. The version 2.1 not contains DFD and it models system at low level. The DFD is the new approach that you will adopt for the future?
2. The version 2.1 contains a wide threats library but it is not appear in version 3 beta. Are you planning to add it in the next version?
3. To generate a complete threats report for the application, I try this approach:
a. I use the version 3 beta to model system at high level (components, interactions, functions) with DFD
b. I use the STRIDE model to identify the threats categories
c. I use the previous information into version 2.1 to refine the threats categories and to obtain specific threats for my application
d. I use the version 2.1 to generate specific threats report
e. I merge information provided by tools (v.3 and v.2.1) to generate the final report
Do you agree with my approach? Is it correct?
Thank you,
Marco Vallini
This is really bad first impression. Please fix it.
Steps to reproduce:
1. Install application using ClickOnce installer
2. Open application
When navigating in the designer the Scroll Wheel scrolls vertically and Ctrl+Scroll Wheel zooms.
It would be helpful to have Shift+Scroll Wheel scroll horizontally similar to how Paint.Net does instead of just performing a vertical scroll.
Hi,
I'm trying to encrypt Azure VMs' disks. It is working well for some but I'm getting an error on some VM's. The command I run is
Set-AzureRmVMDiskEncryptionExtension
And the error I get is:
Set-AzureRmVMDiskEncryptionExtension : User encryption settings in the VM model are not supported. Please upgradeIn one environment, I removed those VM's and recreated them so I didn't get an error after that but it sounds not a good practice since all VM's are the same. Now it happened again in other environment and I would like to understand why this happens for some VMs and it works for others.
I would like to recommend a few quality of life improvements for the user interface of the Threat Modeling Tools.
For 1. and 2., two checkboxes that toggle the grid can be added to the tool panel.
For 3. and 4., perhaps the easiest solution is to expand the Element Properties of graphical elements to include "show/hide icon", removing the green rounded rectangle for data flows when the icon is hidden and there is no text.
I am getting below error when i run the binscope tool what is the solution to resolve the issue
c:\program files (x86)\microsoft visual studio 12.0\vc\atlmfc\include\atlcomcli.h(ManagedXMLParser.obj (SLV_Impl_SolvableModelUtilityLib.lib)) - UNKNOWN (Hash 3B-C9-6F-15-8B-0B-56-54-53-76-4A-50-85-DF-38-D4) f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcom.h(stdafx.obj (atls.lib)) - UNKNOWN (Hash 4F-FE-50-B9-36-45-B4-0B-3B-12-2E-74-8F-C2-09-BD) f:\dd\vctools\vc7libs\ship\atlmfc\include\atlcomcli.h(stdafx.obj (atls.lib)) - UNKNOWN (Hash 50-C3-86-90-64-99-80-9A-40-C8-7D-94-D5-6E-A8-33)
Dear All,
Security: auto windows update disabled, why it still does?
Is it security issue?
Banny
Hi,
I just started learning and using the Threat Modeling Tool and I have some questions:
Thanks,
Gabriel
I'm trying to create an alert that would activate upon the detection of a failed heartbeat. Working on tracking about 300 servers. I created a group and tried running the following but am only receiving the count.
This only generated the result of a count of 1. I need this to display the affected computer when it detects the heartbeat is missing for over 5 minutes.
I attempted the same thing by generating the alert through the metrics window. I setup the metric with a condition of Less than a Maximum of 1. However, when I test the functionality by shutting down the server no alert is generated. I confirmed through log analytics that the affected server does populate in the search results, however the heartbeat result does not drop.
Any suggestions?
I'm trying to create a new template based on the default set of stencils. If the process below is not the intended one, what is the intended process please?
1. Create new template
2. Fill in name etc
3. Merge template to this... (choose default template shipped with the tool)
4. Save (no other changes made, only merged in the default template)
5. Close & Open again
=> "The threat modeling tool has experienced an unexpected exception situation ... send an email with the file to the support alias for the tool". I can't find any support alias but hoping this forum might be able to help.
Many thanks!
I've pasted the error from the exception file below (this exception is repeated 14 times in the file)
"Threat Modeling Tool, Assembly version 'TMT7, Version=7.1.60126.1, Culture=neutral, PublicKeyToken=69c3241e6f0468ca', today is '04 March 2019 10:09:37'Exception information:
System.ArgumentNullException: Value cannot be null.
Parameter name: input
at System.Text.RegularExpressions.Regex.Match(String input)
at ThreatModeling.Model.KBEditorModel.ReplacePrpertyNameToDisplayNameInTitle(String targetString)
at ThreatModeling.Model.KBEditorModel.LoadThreatTypeCollection(List`1 threatCollection, List`1 threatCategories)
at ThreatModeling.ViewModel.DashboardViewModel.LoadElementCollections()
at ThreatModeling.ViewModel.DashboardViewModel.ObjectModelEventInterceptor(Object sender, ObjectModelChangeEventArgs args)
at ThreatModeling.ViewModel.DashboardViewModel.ObjectModel_ObjectModelChanged(Object sender, ObjectModelChangeEventArgs args)
at ThreatModeling.Model.ObjectModelChangeDelegate.Invoke(Object sender, ObjectModelChangeEventArgs args)
at ThreatModeling.Model.ObjectModel.OnObjectModelChange(ObjectModelChangeCause cause, Object objectOfChange)
at ThreatModeling.Model.ObjectModel.SendNewThreatBaseEvents()
at ThreatModeling.ViewModel.DashboardViewModel.OnThreatBaseCreated(ObjectModel om)
at ThreatModeling.ViewModel.DashboardViewModel.OpenThreatBase(String fileName, Boolean designMode, Boolean IsThreatBase)
at ThreatModeling.ViewModel.OpenThreatBaseCommand.OpenFile(String fileName, Boolean editThreatBase)
at ThreatModeling.ViewModel.OpenThreatBaseCommand.ExecuteImp(Object parameter)
at ThreatModeling.ViewModel.Commands.TrackedCommand.Execute(Object parameter)
End of exception information"
Hi,
My threat model diagram has several errors reported against it of the form 'X' requires at least one 'Any'.
I haven't been able to figure out what that means, any clues?
Hello,
I just wanted to ask if it is a MUST to rebuild the Drivers from Windows Server 2016 / Windows 10 (WDK1703) for the new Windows Server 2019 using the Kernel Mode with WDK1809 ? Or will the old ones still work flawless?
Many Thanks in advance
Regards
Agossi
Hi All,
Not sure anyhow has any experience using SSO authorization for OData Services in SAP ByDesign with Excel?
As of now I am looking at what provided by SAP whereby using for OAuth 2.0 for the setup, however I dont have experience on that.
Hope that someone can help out.
Using the current version of the tool (7.1.60126.1)
1.) The data flow referenced in the Title field is not updated from an older modified value:
An adversary may sniff communications XXXXX to gain access to sensitive data, where XXXX is an older label that has been changed, but this keeps using the original value for this label.
2.) The title field says this: "An adversary may exploit unused services or privleged features in..." While the Description field say this "An adversary may use unused features or privledged services on...". So while both mis-spell "privileged" in the same way, they reverse the order of the terms in this phrase... I believe the Description field is the correct order of terms!
Hi,
I'm using TMT to model our product features. Here are two problems I would like to have your help.
1. I would like to add a threat for a specific data flow from product feature point of view. I haven't figured out a way to add a threat for a specific data flow.
2. I try to add User-defined threat to resolve the problem #1. In the end, I found I can't change the naming of Interaction. If I can change the naming, then I can assign this user-defined threat to a interaction (data flow).
Thanks,
Ziv
Anyone knows how to export the list of ALL threats from the MS Threat Modeling Tool?
For example, I would like to know the list of ALL threats under SPOOFing.
Or export things out since these are XML based?