Did you know that there is something called ‘Pytm’ in the technical world? Read that word again – it is ‘Pytm’ and not Paytm! 🙂 When I first saw this word, I was reminded of ‘Paytm’ as well !!! 🙂 (India’s ‘Pay through mobile ‘ UPI)
This ‘Pytm’ is a threat modeling tool and it is available on GitHub here.
Threat Modeling itself is a massive activity today. Threat Modeling is a means to identify threats in systems much earlier so that they can be mitigated later thereby reducing financial and material losses.
Threat modeling can be done manually or it can be automated. There are different threat modeling tools like Pytm, Threatspec, ThreatPlaybook and PlantUML. In a typical threat modeling process, data flow diagrams and sequence diagrams will be drawn based on the system architecture. Next, a threat report will be generated based on this information. Manually drawing data flow diagrams and sequence diagrams is an extremely time consuming process.
Pytm:
Pytm solves this issue by automating the process. Pytm is a Pythonic framework for doing threat modeling. It was created by Izar Tarandach and Matthew J. Coles. It is an automated threat modeling tool which helps in simplifying the process of manually drawing DFDs(data flow diagrams) and sequence diagrams. These are then used to generate a threat report about the system.
By means of using threat modeling tools like Pytm security is shifted left(which means that security processes are adopted much earlier in the SDLC) and the processes are automated which greatly reduces time and effort.
We have just briefly touched upon threat modeling tool ‘Pytm’. Join me as I uncover more posts about Threat Modeling in subsequent posts!
Nice Article!