Introduction
Threat Dragon is an open-source threat modelling tool from OWASP. Threat Dragon provides an environment to create threat models as data-flow diagrams, along with associated threats and remediations. The threats can be categorized using STRIDE, LINDDUN, CIA, DIE and PLOT4ai.
Threat Dragon can be run as a containerized web application or as a desktop application.
The web application can store threat model files on the local file system; in addition, access can be configured for:
- GitHub
- GitHub Enterprise
- Google Drive
- Bitbucket
- Bitbucket Enterprise
- GitLab
The desktop application saves the threat model files locally, with installers provided for macOS, Windows and Linux.
Threat Dragon seeks to provide:
- Simplicity - you can install and start using Threat Dragon very quickly
- Flexibility - the diagramming and threat entry allows many types of threat to be described
- Accessibility - different types of teams can benefit from Threat Dragon’s simplicity and flexibility
You can find the source code for Threat Dragon on GitHub, where you can also ask for changes or report any issues.
Threat Dragon: making threat modeling less threatening