privado
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report. (by Privado-Inc)
awesome-threat-modelling
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review. (by hysnsec)
| privado | awesome-threat-modelling | |
|---|---|---|
| 21 | 2 | |
| 472 | 1,253 | |
| 0.8% | 2.7% | |
| 9.1 | 0.0 | |
| 5 days ago | 28 days ago | |
| Dockerfile | Dockerfile | |
| GNU Lesser General Public License v3.0 only | Creative Commons Zero v1.0 Universal |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
privado
Posts with mentions or reviews of privado.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-11-29.
- Policy team rejects app update: "Invalid Data safety form"
-
How to fill up Data Safety section correctly?
Try this tool to help you get it right: https://github.com/Privado-Inc/privado
-
Issue found: Invalid Data safety form / I did as I was told but kept getting rejection emails?
Just use Privado. It will scan your code and automatically generate the data safety form results.
- App rejected: Issue found: Invalid Data safety form
-
Mastodon's Privacy: Who actually holds your data in Mastodon
I love that Mastodon is decentralized. But as a privacy engineer, I was curious about how their app handles our data compared to what they claim in their privacy policy, so I analyzed their open-source app code in my privacy code scanning tool.
-
Open Source privacy scanning tool to create data flows from code
u/SZenC great point, our scanning tool detects more than 120 data elements right out of the box. Right from Fitness Data, Health Data, Device Ids, Ratings & Reviews etc. You can see the entire list of data elements we discover here: https://github.com/Privado-Inc/privado/tree/main/rules/sources
Except for a few framework specific things (such as how route handlers are defined - eg. via annotations in Spring) our code analysis platform is framework agnostic. Our system works with major frameworks and we continually improve if we have to add extra support. I can foresee some minor work needed for Vert.x for example. Templating (eg. via JSP) is not supported, but we welcome all contributions!! Please raise an issue on the tracker: https://github.com/Privado-Inc/privado/issues
Tagging data elements as source: Here we are looking for variables with known PII patterns. We have over 150 data elements listed here as rules.
You can check out the tool at https://github.com/Privado-Inc/privado. Would love to hear about your feedback and contributions to the same.
awesome-threat-modelling
Posts with mentions or reviews of awesome-threat-modelling.
We have used some of these posts to build our list of alternatives
and similar projects.
-
STRIDE Threat Scenarios
Also have a look at: - https://users.encs.concordia.ca/~clark/courses/1601-6150/scribe/L04c.pdf - https://threat-modeling.com/the-ultimate-list-of-stride-threat-examples/ - https://simoneonsecurity.com/ - https://github.com/hysnsec/awesome-threat-modelling - https://blog.ennowallet.com/introducing-enno-wallet-threat-model-for-mobile-apps-22a519df46bc
- List of Threat Modeling
What are some alternatives?
When comparing privado and awesome-threat-modelling you can also consider the following projects:
mastodon-android - Official Android app for Mastodon
awesome-template-literal-types - Curated list of awesome Template Literal Types examples
Papercups - Open-source live customer chat
DevSecOps - Ultimate DevSecOps library
humbug - Get usage metrics and crash reports for your API, library, or command line tool.
Awesome-RCE-techniques - Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
Databunker - Secure SDK/vault for personal records/PII built to comply with GDPR
awesome-php-security - Awesome PHP Security Resources πΆππ
enclaive-docker-mariadb-sgx - SGX-ready Enclaive Docker Image for MariaDB
dastardly-github-action - Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
iabtcf-es - Official compliant tool suite for implementing the Transparency and Consent Framework (TCF) v2.0. The essential toolkit for CMPs.
awesome-cloud-run - π β© A curated list of resources about all things Cloud Run
privado vs mastodon-android
awesome-threat-modelling vs awesome-template-literal-types
privado vs Papercups
awesome-threat-modelling vs DevSecOps
privado vs humbug
awesome-threat-modelling vs Awesome-RCE-techniques
privado vs Databunker
awesome-threat-modelling vs awesome-php-security
privado vs enclaive-docker-mariadb-sgx
awesome-threat-modelling vs dastardly-github-action
privado vs iabtcf-es
awesome-threat-modelling vs awesome-cloud-run