iriusrisk Goto Github PK

Name: IriusRisk

Type: Organization

Twitter: iriusrisk

Location: Spain

The Open Threat Modeling platform

IriusRisk Community Edition is a free version of IriusRisk that allows you to quickly create threat models of software and cloud architectures and then manage those threats and countermeasures throughout the rest of the SDLC, including:

Assigning a risk response: Accept, Mitigate or Expose
Apply a security standard, such as OWASP ASVS to derive the security requirements in one step
All threat models created in IriusRisk can be published as Templates that are visible to other users of the platform.

Getting Started

Register for a user account
Follow @IriusRisk for updates
Submit bugs and feature requests to github

Publishing Templates

One of the goals of the Community edition is to start sharing a common set of threat models for typical (or not) architectures. If you've modeled a system that you believe would benefit the wider Community please publish it as a Template! This will make it visible to other users of Community who will be able to import it into their own models. The submitted templates will go through a review process and if accepted, be published here on the github site in raw XML format so that non-community users can also take advantage of it.
NOTE: When you publish a model, it will be removed from the Product table, you'll need to create a new product and import your template into it, to work on it again.

Try our commercial edition for these extra features

Manage more than 1 application. The solution has been tested with 4000+ applications.
Customise the rules engine, component library and threat and countermeasure knowledge-bases.
Create custom questionnaires and data flow rules
See our website for more details

IriusRisk's Projects

alloy-ui

AlloyUI is a framework built on top of YUI3 (JavaScript) that uses Bootstrap 3 (HTML/CSS) to provide a simple API for building high scalable applications

basic-rules-generator

bdd-security

BDD Automated Security Tests for Web Applications

bdd-security.iriusrisk

Testing of the IriusRisk community edition

bdd-security.tls

Security tests against TLS/SSL configurations

bdd-teammentor

A BDD-Security project for TeamMentor

community

IriusRisk Community

dependencycheck

OWASP dependency-check is a utility that detects publicly disclosed vulnerabilities in application dependencies.

diagram-builder

Vaadin Add-on built over ALLOYUI DiagramBuilder

gocd-ec2-elastic-agent-plugin

Plugin for GoCD server that will spin up and shut down EC2 instances as its agent workers on demand

iriusrisk-central

Provides content useful for IriusRisk threat modelling, including templates, API scripts, libraries and more.

iriusrisk-cli

Command Line Interface for IriusRisk

iriusrisk-cli-old

IriusRisk Command Line Interface

iriusrisk-client-lib

IriusRisk client Java library

iriusrisk-library-editor

iriusrisk-python-client-lib

iriusrisk-threat-model-verification-suite

iriusrisktoolkitui

IriusRiskToolKitUI is a Python GUI client for working with several common tasks regarding security content management in IriusRisk platform.

iriustest.policy

Example of how human-verifiable security policies can be written in IriusTest

jbehave-junit-runner

Integrate JBehave better with JUnit. Reports all Stories, Scenarios and Steps as JUnit Suites and Test Cases.

jira-client

A simple JIRA REST client for Java

jsslyze

Java wrapper for SSLyze

mbassador

A feature-rich Java event bus optimized for high-throughput in multi-threaded environments. Annotation driven, sync/async event publication, weak/strong references, dynamic event filtering