adding Threat Model and corresponding md file (#5902)

redhat-developer · Jul 1, 2022 · c2abde1 · c2abde1
1 parent ebdd3f0
commit c2abde1
Show file tree

Hide file tree

Showing 2 changed files with 435 additions and 0 deletions.
diff --git a/.threatmodel/THREAT_MODELING.md b/.threatmodel/THREAT_MODELING.md
@@ -0,0 +1,11 @@
+# ODO Threat Model
+
+The Threat model was developed using the [OWASP Threat Dragon](https://owasp.org/www-project-threat-dragon/) tool.
+
+There are [two installation variants of the OWASP Threat Dragon](https://threatdragon.github.io/install/), a web application and a desktop application. Follow the link for installation instructions.
+The OWASP Threat dragon saves the threat model as a json file. The odo threat model is defined in the [odo-model.json](https://github.com/redhat-developer/odo/blob/main/.threatmodel/odo-model.json) file
+
+# OWASP Top Ten 
+
+The OWASP Org, provides a list of the [Top Ten application security risks](https://owasp.org/www-project-top-ten/). Read through them to undestand each of the risks, how to prevent them along with some examples.
+