From 4d40a80dd9f162d70dc71592e608962176ca267a Mon Sep 17 00:00:00 2001 From: Izar Tarandach Date: Sat, 16 Aug 2025 09:10:09 -0400 Subject: [PATCH 1/3] pytm is a Python library --- docs/en/04-design/01-threat-modeling/02-pytm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/04-design/01-threat-modeling/02-pytm.md b/docs/en/04-design/01-threat-modeling/02-pytm.md index 3493a3be..c7cce05e 100644 --- a/docs/en/04-design/01-threat-modeling/02-pytm.md +++ b/docs/en/04-design/01-threat-modeling/02-pytm.md @@ -7,7 +7,7 @@ Pytm is an OWASP Lab Project with a community of contributors creating [regular #### What is pytm? -Pytm is a Java library that provides programmatic way of threat modeling; +Pytm is a Python library that provides programmatic way of threat modeling; the application model itself is defined as a python3 source file and follows Python program syntax. Findings are included in the application model python program with threats defined as rows in an associated text file. The threat file can be reused between projects and provides for accumulation of a knowledge base. From cac773d0d018061dedd92472a0f10db852217247 Mon Sep 17 00:00:00 2001 From: Izar Tarandach Date: Wed, 8 Oct 2025 12:49:49 -0400 Subject: [PATCH 2/3] Fixing some details about pytm --- docs/en/04-design/01-threat-modeling/02-pytm.md | 8 ++++---- docs/es/04-design/01-threat-modeling/02-pytm.md | 9 ++++----- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/docs/en/04-design/01-threat-modeling/02-pytm.md b/docs/en/04-design/01-threat-modeling/02-pytm.md index c7cce05e..8e877f95 100644 --- a/docs/en/04-design/01-threat-modeling/02-pytm.md +++ b/docs/en/04-design/01-threat-modeling/02-pytm.md 
@@ -3,13 +3,13 @@ The OWASP [pytm (Pythonic Threat Modeling)][pytmproject] project is a framework for threat modeling and its automation. The goal of pytm is to shift threat modeling to the left, making threat modeling more automated and developer-centric. -Pytm is an OWASP Lab Project with a community of contributors creating [regular releases][pytmreleases]. +Pytm is an OWASP Production Project with a community of contributors creating [regular releases][pytmreleases]. #### What is pytm? -Pytm is a Python library that provides programmatic way of threat modeling; +Pytm is a Python library that provides a programmatic way of threat modeling; the application model itself is defined as a python3 source file and follows Python program syntax. -Findings are included in the application model python program with threats defined as rows in an associated text file. +Findings are included in a templated threat modeling report. The threat file can be reused between projects and provides for accumulation of a knowledge base. Using pytm the model and threats can be programmatically output as a [dot][graphvizdot] data flow diagram @@ -59,7 +59,7 @@ The following tools and libraries need to be installed: * Python 3.x * [Graphviz][graphvizdot] package -* Java, such as OpenJDK 10 or 11 +* Java, such as OpenJDK 10 or 11 (exclusively for the generation of the sequence diagram) * the [PlantUML][plantumljar] executable JAR file * and of course pytm itself: clone the [pytm project repo][pytmrepo] diff --git a/docs/es/04-design/01-threat-modeling/02-pytm.md b/docs/es/04-design/01-threat-modeling/02-pytm.md index 2bad418d..e4d422af 100644 --- a/docs/es/04-design/01-threat-modeling/02-pytm.md +++ b/docs/es/04-design/01-threat-modeling/02-pytm.md 
@@ -6,15 +6,14 @@ El objetivo de pytm es realizar el modelado de amenazas Shift-Left, lo que signi el modelado ya en etapas tempranas del proyecto, haciendo que el modelado de amenazas sea más automatizado y centrado en el desarrollador. -Pytm es un Proyecto de Laboratorio de OWASP con una comunidad de colaboradores +Pytm es un Proyecto de Producion de OWASP con una comunidad de colaboradores que crean [versiones regulares][pytmreleases]. #### ¿Qué es pytm? -Pytm es una biblioteca Java que proporciona una forma programática de modelado de amenazas; +Pytm es una biblioteca Python que proporciona una forma programática de modelado de amenazas; el modelo de aplicación en sí se define como un archivo fuente de python3 y sigue la sintaxis del programa Python. -Los hallazgos se incluyen en el programa python del modelo de aplicación con amenazas definidas -como filas en un archivo de texto asociado. +Los hallazgos se incluyen en un informe de modelado de amenazas basado en plantillas. El archivo de amenazas puede reutilizarse entre proyectos y permite la acumulación de una base de conocimiento. Usando pytm, el modelo y las amenazas pueden ser programáticamente generados @@ -69,7 +68,7 @@ Las siguientes herramientas y bibliotecas deben estar instaladas: * Python 3.x * Paquete [Graphviz][graphvizdot] -* Java, como OpenJDK 10 u 11 +* Java, como OpenJDK 10 u 11 (solamente para el uso del diagrama de secuencia) * El archivo JAR ejecutable de [PlantUML][plantumljar] * Y por supuesto pytm: clone el [repositorio del proyecto pytm][pytmrepo] From d297e23263c8fd278c11fd6810646510297b2a21 Mon Sep 17 00:00:00 2001 From: Izar Tarandach Date: Wed, 8 Oct 2025 14:09:57 -0400 Subject: [PATCH 3/3] Apparently I can't spell in 2 languages --- docs/en/04-design/01-threat-modeling/02-pytm.md | 2 +- docs/es/04-design/01-threat-modeling/02-pytm.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/docs/en/04-design/01-threat-modeling/02-pytm.md b/docs/en/04-design/01-threat-modeling/02-pytm.md index 8e877f95..bcdcc28d 100644 --- a/docs/en/04-design/01-threat-modeling/02-pytm.md +++ b/docs/en/04-design/01-threat-modeling/02-pytm.md @@ -9,7 +9,7 @@ Pytm is an OWASP Production Project with a community of contributors creating [r Pytm is a Python library that provides a programmatic way of threat modeling; the application model itself is defined as a python3 source file and follows Python program syntax. -Findings are included in a templated threat modeling report. +Findings are included in a template-defined threat modeling report. The threat file can be reused between projects and provides for accumulation of a knowledge base. Using pytm the model and threats can be programmatically output as a [dot][graphvizdot] data flow diagram diff --git a/docs/es/04-design/01-threat-modeling/02-pytm.md b/docs/es/04-design/01-threat-modeling/02-pytm.md index e4d422af..613a8614 100644 --- a/docs/es/04-design/01-threat-modeling/02-pytm.md +++ b/docs/es/04-design/01-threat-modeling/02-pytm.md @@ -6,7 +6,7 @@ El objetivo de pytm es realizar el modelado de amenazas Shift-Left, lo que signi el modelado ya en etapas tempranas del proyecto, haciendo que el modelado de amenazas sea más automatizado y centrado en el desarrollador. -Pytm es un Proyecto de Producion de OWASP con una comunidad de colaboradores +Pytm es un Proyecto de Producción de OWASP con una comunidad de colaboradores que crean [versiones regulares][pytmreleases]. #### ¿Qué es pytm?
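Review bot: in PATCH 1/3, the corrected line in docs/en/04-design/01-threat-modeling/02-pytm.md still reads "provides programmatic way of threat modeling" without the article, and the Spanish page keeps "biblioteca Java" until PATCH 2/3. Suggest folding both fixes into this commit so the Java-to-Python correction lands in both languages in one step.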
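Review bot: in the `@@ -3,13 +3,13 @@` hunk of PATCH 2/3 (docs/en), the unchanged context line "The threat file can be reused between projects" loses its antecedent, because the removed sentence "threats defined as rows in an associated text file" was the only place that introduced that file. Suggest either keeping a clause that says where threats are defined or rewording the context line so it names the file it refers to. PATCH 3/3 edits the same "Findings are included in ..." sentence and leaves the reference dangling.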
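Review bot: in the `@@ -59,7 +59,7 @@` hunk of PATCH 2/3 (docs/en), the new qualifier "(exclusively for the generation of the sequence diagram)" is attached to the Java bullet only, while the next bullet, the PlantUML executable JAR file, stays listed as an unconditional requirement even though an executable JAR needs Java to run. Suggest carrying the same qualifier onto the PlantUML bullet, or grouping the two bullets as needed only for sequence diagrams, so readers can tell what is required for the data flow diagram and the report.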
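Review bot: in the `@@ -6,15 +6,14 @@` hunk of PATCH 2/3 (docs/es), the unchanged line "El archivo de amenazas puede reutilizarse entre proyectos" no longer has anything to refer to once "amenazas definidas como filas en un archivo de texto asociado" is removed. Suggest rewording that line or keeping a clause that introduces the threat file. The added line also spells "Producion", which is only corrected in PATCH 3/3; squashing the two commits would keep the misspelling out of the history.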
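Review bot: in the `@@ -69,7 +68,7 @@` hunk of PATCH 2/3 (docs/es), "(solamente para el uso del diagrama de secuencia)" does not match the English "(exclusively for the generation of the sequence diagram)": the Spanish says the diagram is used, not generated. Suggest "(solamente para la generación del diagrama de secuencia)" so both pages state the same condition for installing Java.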