New project - New threat modelling tool

Mike Goodwin

May 17, 2015, 11:29:51 AM
to owasp-pro...@owasp.org
Background

For a few years now I've been a fan of threat modelling as a way to flush out attack vectors and plan mitigations. Since most of my development work has been on Windows I've used Microsoft's SDL threat modelling tool quite a lot. This is OK, but
  • The usability could be better
  • It is document based and not easy to collaborate
  • It is Windows only
  • (The newest version is a bit crashy)
The idea

So, my project is to develop a new threat modelling tool that addresses these problems:
  • Puts a lot of emphasis on great usability
  • Makes it easy to collaborate and integrate with other development tools
  • Works on any platform
Hold on...isn't this SeaSponge?

As I was working on prototyping this, mostly as a way of getting myself properly up to speed with JavaScript, I found out about SeaSponge via the OWASP leaders mailing list. SeaSponge has a lot in common with this project. Maybe they could be merged in the future? Who knows?

Key features planned
  • Web based
  • Rich UX
  • Threat generation via a powerful threat/mitigation engine
  • Work with local browser storage or cloud storage via plug-ins
  • Hooks for integration with other dev lifecycle tools/services
What has been done so far?

There is a working prototype!

The two main libraries in use are Angular for the MVC architecture and JointJS for the diagramming. Styling is via Bootstrap.

What next?

I'd love to get feedback from fellow OWASPers on the idea or the prototype.






johanna curiel

Feb 11, 2016, 2:27:36 PM
to OWASP PROJECT IDEAS, Claudia Casanovas
Hi Mike

Please contact Claudia to get you started with a Project Idea page for this concept:

I see you also already have a working prototype; you may want to submit it as a project incubator.

With a project idea you can develop it further if you are not sure about features and need more time to develop it.

Cheers 

Johanna

Mike Goodwin

Feb 12, 2016, 3:05:39 AM
to OWASP PROJECT IDEAS
Update: This is now an OWASP incubator project:


The prototype link in the text above is dead. The new and much improved prototype is at
