| | privado | awesome-threat-modelling |
|---|---|---|
| | 21 | 2 |
| Stars | 472 | 1,253 |
| Growth | 0.8% | 2.7% |
| Activity | 9.1 | 0.0 |
| | 5 days ago | 28 days ago |
| | Dockerfile | Dockerfile |
| License | GNU Lesser General Public License v3.0 only | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
privado
- Policy team rejects app update: "Invalid Data safety form"
- How to fill up Data Safety section correctly?
  Try this tool to help you get it right: https://github.com/Privado-Inc/privado
- Issue found: Invalid Data safety form / I did as I was told but kept getting rejection emails?
  Just use Privado. It will scan your code and automatically generate the data safety form results.
- App rejected: Issue found: Invalid Data safety form
- Mastodon's Privacy: Who actually holds your data in Mastodon
  I love that Mastodon is decentralized. But as a privacy engineer, I was curious about how their app handles our data compared to what they claim in their privacy policy, so I analyzed their open-source app code in my privacy code scanning tool.
- Open Source privacy scanning tool to create data flows from code
  u/SZenC great point, our scanning tool detects more than 120 data elements right out of the box. Right from Fitness Data, Health Data, Device Ids, Ratings & Reviews etc. You can see the entire list of data elements we discover here: https://github.com/Privado-Inc/privado/tree/main/rules/sources
  Except for a few framework specific things (such as how route handlers are defined - eg. via annotations in Spring) our code analysis platform is framework agnostic. Our system works with major frameworks and we continually improve if we have to add extra support. I can foresee some minor work needed for Vert.x for example. Templating (eg. via JSP) is not supported, but we welcome all contributions!! Please raise an issue on the tracker: https://github.com/Privado-Inc/privado/issues
  Tagging data elements as source: Here we are looking for variables with known PII patterns. We have over 150 data elements listed here as rules.
  You can check out the tool at https://github.com/Privado-Inc/privado. Would love to hear about your feedback and contributions to the same.
awesome-threat-modelling
- STRIDE Threat Scenarios
  Also have a look at:
  - https://users.encs.concordia.ca/~clark/courses/1601-6150/scribe/L04c.pdf
  - https://threat-modeling.com/the-ultimate-list-of-stride-threat-examples/
  - https://simoneonsecurity.com/
  - https://github.com/hysnsec/awesome-threat-modelling
  - https://blog.ennowallet.com/introducing-enno-wallet-threat-model-for-mobile-apps-22a519df46bc
- List of Threat Modeling
What are some alternatives?
mastodon-android - Official Android app for Mastodon
awesome-template-literal-types - Curated list of awesome Template Literal Types examples
Papercups - Open-source live customer chat
DevSecOps - Ultimate DevSecOps library
humbug - Get usage metrics and crash reports for your API, library, or command line tool.
Awesome-RCE-techniques - Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
Databunker - Secure SDK/vault for personal records/PII built to comply with GDPR
awesome-php-security - Awesome PHP Security Resources
enclaive-docker-mariadb-sgx - SGX-ready Enclaive Docker Image for MariaDB
dastardly-github-action - Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
iabtcf-es - Official compliant tool suite for implementing the Transparency and Consent Framework (TCF) v2.0. The essential toolkit for CMPs.
awesome-cloud-run - A curated list of resources about all things Cloud Run