Skip to content

VerSprite/fork-community

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Fork Community - Free SaaS tool to build risk centric threat models using the P.A.S.T.A. threat modeling methodology

Introduction

Welcome to the repository for the Fork Community Edition, an implementation of the PASTA (Process for Attack Simulation and Threat Analysis) threat modeling framework. This repository provides a collaborative space for enhancing and expanding the capabilities of Fork through community contributions. It consolidates previous work, including the attack trees shared by VerSprite, which are now available under the threat libraries folder.

What is Fork?

ForkTM.com is a SaaS platform that implements the PASTA framework for threat modeling. Our goal is to create a tool that not only serves the needs of security professionals but also evolves with the contributions of the community. The community version is freely available and designed with extensibility in mind, allowing the community to contribute and enhance various parts. Meanwhile, the enterprise edition aims to cater to organizations with more advanced functionalities and tailored features.

Comprehensive Mapping of Taxonomies

Our ForkTM platform is expanding its scope to encompass mapping all relevant taxonomies. In ForkTM, we strive to provide a holistic approach by integrating both theory and evidence methodologies. Fork’s evidence-based approach complements your threat models and helps identify additional Tactics, Techniques, and Procedures (TTPs) for consideration in the attack tree. These adversarial methods are derived from real-world attacks observed and reported by legitimate sources.

Fork is incorporating threats and adversarial methods derived from multiple categories of observed behavior:

  • TTPs used against your Technology Platform(s)
  • Software used maliciously against your Industry
  • Campaign(s) targeting your Industry

Comprehensive Threat Libraries

Our threat libraries are designed as a tree, providing a hierarchical mapping of various security standards, frameworks, and methodologies. Within this tree structure, you can explore different branches such as threats, motives, targets, CWEs (Common Weakness Enumeration), CAPECs (Common Attack Pattern Enumeration and Classification), CVEs (Common Vulnerabilities and Exposures), MITRE ATT&CK post-exploitation patterns along with their corresponding mitigations, and OWASP ASVS (Application Security Verification Standard). This approach allows for an intuitive understanding of how these elements interconnect and relate to one another within your threat models.

Integrated Insights and Mappings

By leveraging both theoretical and evidence-based insights, ForkTM provides a comprehensive and adaptable threat modeling platform. The hierarchical mappings within the threat library directly relate to and enrich your threat models, offering a structured way to visualize and analyze the relationships between different elements. This integration ensures that your threat models are informed by a wide range of data sources, facilitating a more robust and informed security posture that evolves with the needs of its users and the broader security community.

Repository Objectives

  • Issue Tracker: A dedicated system for reporting issues, suggesting enhancements, and discussing project-related matters.
  • Community Contributions: Members can contribute to JSON files that constitute the basis of a threat library, which are integral to Fork's functionality.
  • Automatic Updates: Changes to the JSON files that pass the peer-review process will be reflected in the platform with each new release, ensuring up-to-date threat modeling capabilities.

Getting Started

  1. Clone the Repository: git clone git@github.com:VerSprite/forkTM.git
  2. Explore the JSON Files: These files are located in the /industry_focused_threat_libraries directory and are grouped per industry.
  3. Report Issues or Suggestions: Use the GitHub Issues tab to report bugs, request features, or discuss the project.
  4. Contribute: Make changes to the JSON files and submit a pull request. Our team will review and integrate contributions in the next release.

Contributing

We welcome contributions from the community! Here's how you can help:

  • Report Bugs: Found a problem? Let us know through the Issues tab.
  • Suggest Features: Have an idea to improve Fork? We're all ears!
  • Update Data: Contribute to our JSON files to enhance the platform's threat modeling capabilities.

Contact

For further inquiries or direct communication, please contact forktm@versprite.com.

Acknowledgments

A special thanks to all the contributors who have made Fork a reality. Your efforts are deeply appreciated!


Happy Threat Modeling!

The Fork Team

Releases

No releases published

Packages

No packages published