Security Analyst 2019.4
Additional information, tips and tricks can now be accessed under https://www.security-analyst.org.
New Report Generator
The HTML report generator has been superseded by a new report generator that produces .docx and .pdf files. The .pdf output requires that LibreOffice is installed.
New report items are available. Additional tables can be generated for all system element types (functions, data, components, channels and data flows) as well as the function assignment.
Report items no longer specify a chunk. Instead, elements of all chunks are exported.
The HTML report generator is still functional, but does not support the new report items.
Updated System Diagram
It is now possible to edit stored and transferred data graphically. For stored data this includes sub-data.
Updated Text Editors
The textual presentation of all elements has been changed. It should be much easier now to insert new elements without using the toolbar or context actions.
It can be switched whether the calculated values for attack effort, damage potential and risk level or the local value is displayed next to each element. Go to File -> Settings -> Editor -> Editor hints and tick “Show Local AE/DP Value” if only the local value should be displayed.
All suggestions in the Suggestion Overview can now be rejected and a rationale can be given. The Security Goal Assessment has been superseded by the Suggestion Overview. The Threat Assessment is still unchanged, but will also be moved in an upcoming release.
XML Import / Export
Security Analyst defines a special XML format called XSAM (XML Security Analyst Model). Data can be imported and exported using this format. As of now, XSAM covers the system elements (functions, data, components and channels) as well as technologies. Future versions will cover the whole dataset. For more information, please refer to the user guide.
Various Fixes and Improvements
- Fixed missing properties for the catalog import
- Fixed broken tables in assessment model after certain changes
- Improved the description text field in the inspector; text formatting is not longer possible
- Updated the user guide