SeaSponge is an accessible web-based threat modeling tool developed for Mozilla Winter of Security 2014.
This web-based application is being developed with three characteristics in mind:
- Accessibility: We want everyone to be able to map out their infrastructures and generate security reports on any operating-system and on any browser.
- Aesthetics: We're tired of clunky, boring interfaces - we want to bring the pizazz into threat-modeling.
- Intuitive User-Experience: We hate manuals, and we want you to be able to use this software without one.
Please see http://mozilla.github.io/seasponge/ for a live demo of the application.
There is also a video on Air Mozilla available at https://air.mozilla.org/mozilla-winter-of-security-seasponge-a-tool-for-easy-threat-modeling/
Example Threat Model developed with SeaSponge
Usage page in our Wiki for more details.
Please see our Contributing Guidelines
You may need to prefix commands with
On Debian and Ubuntu-based platforms, the nodejs-legacy package must be installed along with nodejs and npm using apt-get in order to fix a naming conflict that will otherwise prevent some packages from building and running correctly, as explained in [/usr/share/doc/nodejs/README.Debian] (http://apt-browse.org/browse/ubuntu/trusty/universe/i386/nodejs/0.10.25~dfsg2-2ubuntu1/file/usr/share/doc/nodejs/README.Debian)
npm install bower install
Once you have the application and dependencies installed you can start building the app.
# Previews the app on a local server grunt serve # Builds the application to dist/ grunt build
# Build docs to docs/ grunt docs # Build docs and serve docs/ for web browser grunt serve:docs
Please see the Development Guide