Knowledge Base

Additional information, tips and tricks can now be accessed under https://www.security-analyst.org.

Important Changes

New Report Generator

The HTML report generator has been superseded by a new report generator that produces .docx and .pdf files. The .pdf output requires that LibreOffice is installed.

New report items are available. Additional tables can be generated for all system element types (functions, data, components, channels and data flows) as well as the function assignment.

Report items no longer specify a chunk. Instead, elements of all chunks are exported.

The HTML report generator is still functional, but does not support the new report items.

Updated System Diagram

It is now possible to edit stored and transferred data graphically. For stored data this includes sub-data.

System Diagram

System Diagram

Updated Text Editors

The textual presentation of all elements has been changed. It should be much easier now to insert new elements without using the toolbar or context actions.

It can be switched whether the calculated values for attack effort, damage potential and risk level or the local value is displayed next to each element. Go to File -> Settings -> Editor -> Editor hints and tick “Show Local AE/DP Value” if only the local value should be displayed.

Modelling Assistant

All suggestions in the Suggestion Overview can now be rejected and a rationale can be given. The Security Goal Assessment has been superseded by the Suggestion Overview. The Threat Assessment is still unchanged, but will also be moved in an upcoming release.

XML Import / Export

Security Analyst defines a special XML format called XSAM (XML Security Analyst Model). Data can be imported and exported using this format. As of now, XSAM covers the system elements (functions, data, components and channels) as well as technologies. Future versions will cover the whole dataset. For more information, please refer to the user guide.

Various Fixes and Improvements

  • Fixed missing properties for the catalog import
  • Fixed broken tables in assessment model after certain changes
  • Improved the description text field in the inspector; text formatting is not longer possible
  • Updated the user guide