title | layout | tab | order | tags |
---|---|---|---|---|
Description | | true | 1 | threatdragon |
Threat modeling is widely regarded as a powerful way to build security into the design of applications and systems early in a secure development lifecycle. At its best, threat modeling is especially good for:
- Ensuring defence-in-depth
- Establishing consistent security design patterns across an application
- Flushing out security requirements and user stories
OWASP Threat Dragon provides a free, open-source threat modeling application that is powerful and easy to use. It can be used for categorising threats using STRIDE, LINDDUN, CIA, DIE and PLOT4ai. The key areas of focus for the tool are:
- Simplicity - you can install and start using Threat Dragon very quickly
- Flexibility - the diagramming and threat generation allow all types of threat to be described
- Accessibility - different types of teams can benefit from Threat Dragon's simplicity and flexibility