Stephen de Vries
There has been some work in this area (although not exactly from a SAST approach), see: https://threatspec.org/. It essentially uses annotations in files to build a DFD and string together...
Source is here: https://github.com/continuumsecurity/RopeyTasks. It's not actively maintained, so recommend you switch to using something like DVWA or OWASP Juice Shop instead.
Yes, there is always concern when a vendor is seen to control a standard/format. IMO, it is too early to go for a heavyweight standards body that adds too much...
@jgadsden what say you about Threat Dragon also using OTM as a supported format? @izar x/y co-ordinates can easily be made optional.
That is great news! Does threat dragon need many additional changes to the spec based on what’s published currently?
Hi @3moorr, this is quite an old issue and the project has undergone some changes since it was first reported. Could you describe how you're using bdd-sec, and post key...
Thanks for reporting. The RopeyWebService sample wasn't updated when we migrated to version 2.0. We're currently troubleshooting this bug in the "webservices" branch. Will update here when it's resolved.
We've never launched IE like this - looks like you're launching it from within ZAP? BDD-Security only includes FF, Chrome and HtmlUnit browsers by default. You could try adding an...
Hi @Ravi8055, I have not tried to run using Eclipse or JUnit. The lock file is generated by OWASP ZAP and could mean that ZAP doesn't shut down between executions. Check...
You can run the two sets of tests in parallel if they don't share any state (e.g. same login credentials). Additionally, if the navigation steps of your Selenium steps can...