The concept behind this is to create a threat modeling approach that is scalable as well as being designed with attacker behavior in mind.
Features are groups of Use Cases that come together to implement a high-level Feature in an application, such as "Search Inventory".
Use Cases are workflows that a user follows in order to accomplish some task, usually implemented as a Feature.
Abuse Cases are workflows that an attacker can use to manipulate a Use Case into doing something unintended, frequently as a way to get a foothold to further attack an application.
Data structures containing a Plugin Identifier, parameters for the plugin, and a Resource Pointer to the Resource being used by the Plugin
Data structures containing a Resource Identifier, the type of Resource being described, and parameters for the Resource
Describing a Scan Workflow:
- A Service Map is loaded
- Features are loaded, then Use Cases, then Abuse Cases, then Plugin Pointers
- For each Plugin Pointer, look up the actual loaded Plugin instance
- Using the instance, validate the Plugin Pointer to ensure required options are provided, and that the Resource Pointer provided can be consumed by the Plugin
- Queue an execution of the Plugin with the TaskManager's Task Queue
- When ready, TaskManager executes the queued item. When doing this, if there is a consumer of an event indicating that a task is being started, that consumer is notified
- Plugin executes, placing artifacts in a given working directory
- When complete, TaskManager notifies any consumers subscribed to the event indicating a task has completed
- When all Plugins have completed, iterate over each result object, running operations to summarize the content of all reports and generate a risk score
- Summary Report is generated, containing all result objects, a generalized list of vulnerabilities, scores for each result, and any Resources that were generated during a spider operation (not provided on the Resource Map)