Threat modeling is widely regarded as a powerful way to build security into the design of applications early in a secure development lifecycle. At its best, it is especially good for:
- Ensuring defence-in-depth
- Establishing consistent security design patterns across an application
- Flushing out security requirements and user stories

OWASP Threat Dragon provides a free, open-source threat modeling application for teams implementing the STRIDE approach. It can also be used for categorising threats using LINDDUN and CIA. The key areas of focus for the tool are:
- Great UX - using Threat Dragon should be simple, engaging and fun
- A powerful threat/mitigation rule engine - this lowers the barrier to entry for teams and allows non-specialists to contribute
- Integration points with other development lifecycle tools - when implemented this will ensure that models slot easily into the development lifecycle and remain relevant as the project evolves