layout | title | tags | project | level | type | pitch |
---|---|---|---|---|---|---|
col-sidebar | OWASP Threat Dragon | threatdragon | true | 3 | tool | OWASP Threat Dragon provides a threat modeling application for teams implementing the STRIDE approach, either as a desktop or as a web application. Great for both developers and defenders alike |
OWASP Threat Dragon is a modeling tool used to create threat model diagrams as part of a secure development lifecycle. Threat Dragon follows the values and principles of the threat modeling manifesto. It can be used to record possible threats and decide on their mitigations, and it gives a visual indication of the threat model components and threat surfaces. Threat Dragon runs either as a web application or a desktop application.
Threat Dragon supports STRIDE / LINDDUN / CIA, provides modeling diagrams and implements a rule engine to auto-generate threats and their mitigations.
Use the documentation to get started, along with the recording of Mike Goodwin giving a lightning demo during the OWASP Open Security Summit in June 2020.
An introduction to Threat Dragon is provided by the OWASP Spotlight series, and the Threat Modeling Gamification seminar by Vlad Styran shows how using Threat Dragon can make threat modeling fun.
- OWASP pytm (Pythonic Threat Modeling)
- OWASP Threat Model Cookbook
- Threat Modeling OWASP Cheat Sheet
- Threagile - Agile Threat Modeling (not an OWASP project, but open source)
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.