Skip to content

Latest commit

 

History

History
63 lines (48 loc) · 2.72 KB

index.md

File metadata and controls

63 lines (48 loc) · 2.72 KB
layout title tags project level type pitch
col-sidebar
OWASP Threat Dragon
threatdragon
true
3
tool
OWASP Threat Dragon is a threat modeling tool; great for both developers and defenders alike. Use on your desktop or as a web application.
<style type="text/css"> .image-right { display: block; margin-left: auto; margin-right: auto; float: right; } </style>

cupcake logo{: .image-right }

What is Threat Dragon?

OWASP Threat Dragon is a modeling tool used to create threat model diagrams as part of a secure development lifecycle. Threat Dragon follows the values and principles of the threat modeling manifesto. It can be used to record possible threats and decide on their mitigations, as well as giving a visual indication of the threat model components and threat surfaces. Threat Dragon runs either as a web application or as a desktop application.

Threat Dragon supports STRIDE / LINDDUN / CIA / DIE / PLOT4ai, provides modeling diagrams and implements a rule engine to auto-generate threats and their mitigations.

Resources

Use the version 1 or version 2 documentation to get started, along with the recording of Mike Goodwin giving a lightning demo during the OWASP Open Security Summit in June 2020.

An introduction to Threat Dragon is provided by the OWASP Spotlight series, and the Threat Modeling Gamification seminar by Vlad Styran shows how using Threat Dragon can make threat modeling fun.

There are a couple of OWASP community pages that give overviews on Threat Modeling and how to get started: Threat Modeling and Threat Modeling Process.

The easiest way to get in contact with the Threat Dragon community is via the OWASP Slack #project-threat-dragon project channel, you may need to subscribe first.

Related Projects