Threat Dragon is an open-source threat modelling tool from OWASP. It comes as an Electron based installable desktop app for OSX and Windows (Linux coming soon) or a web application. The desktop app saves your threat models on your local file system, but the online version stores its files in GitHub. This means that to use web app you have to sign in with a GitHub account and give it write access to your public repos. Other than that, the user experience is currently almost identical between the web and desktop variants. In the future, there will be deeper integration with GitHub (and other code repositories).
Threat Dragon is currently in the early stages of development (an OWASP incubator project) so there might be some bugs.
The following installable versions are available for download from GitHub:
The Threat Dragon web variant stores its threat models in your GitHub repos. This is so that the models can stay close to the
code they are modelling. Future versions will provide a deeper integration so watch this space but for now, when you login to Threat Dragon for the first time and
https://threatdragon.org you will see the Welcome page. To get started with your threat model click or tap
You will then be presented with a list of your GitHub repositories. Pick the one where you want to store your new model. If you have more than 30 repos you might have to page through them until you find the one you want. Once you have picked your target repo, you will be asked to pick a branch. Again, if you have more than 30 branches you might need to page. When you pick a branch you will be taken to the threat model edit page where you can enter general information about your model.
The Threat Dragon desktop variant stores its threat models on your local filesystem. To get started with your threat model click or tap
You will then be taken straight to the threat model edit page where you you can enter general information about your model.
The Title field is mandatory. All the rest are optional, but they provide context for your model. This can be useful if someone else has to pick the model up in the future. Although only the Title field is mandatory, your model will a be pretty useless without Diagrams. Add some diagrams to your model by clicking or tapping
Name your diagram and then click or tap Add to confirm or Cancel if you change your mind
At this stage you are just listing the diagrams and naming them. You add all the diagram elements later.
Once you have entered all the details you need, click or tap Save. You can also Cancel to exit without saving, or Reload to undo any changes and revert to your last save.
In the web variant oif Threat Dragon, models are saved in your chosen branch at a path like
ThreatDragonModels/[model name]/[model title].json. Look at the
Demo Threat Model for an example. Because of this, if you change
title of your model it will delete the old model in GitHub and replace it with one at the new path. This does not apply to the desktop variant.
Congratulations! You have got the basics done. Next step...mapping out your system in a diagram.
If you are wondering how to start, you can load a sample threat model. On the welcome page, to download the sample, click or tap
This should give you some ideas on how to get started with your own model. This works for both the web and desktop variants.
If you have a repository that already has threat models, you can open them by clicking or tapping
You will then be able to select a repo and branch and finally you will be able to choose from a list of models.
If you have an existing model file saved locally, you can open it by clicking or tapping
You will then be able to find the model file in your local file system and open it.
To edit the diagram title, click or tap the icon towards the top right of the diagram editor. When you have edited it, tap or click
to save your change, or
to cancel and discard your change.
Add model elements to your diagram by clicking or tapping the relevant shape in the stencil on the left side of the diagram editor. Once added they can be selected by clicking them to see their properties and threats and dragged around the diagram. to delete an element, first select it and then click on the red icon it the elements top left corner...
Data flows and trust boundaries can be added to the diagram by clicking their shape in the stencil on the left side of the diagram editor. Once added, their ends can be dragged around the diagram. To connect the end of a data flow to a process, data store or actor, you can drag one of its ends onto the element.
An easier way to draw data flows between elements is to select your first element, then click the grey link tool, next to the red remove tool near the top right of the selected element. This turns the link tool green. Then, when you click another element, a new data flow will be created, linking the first element to the second.
Extra vertices can be added by clicking at some point on the line. These new vertices can also be dragged to position the data flow or trust boundary. Vertices can be removed by clicking the remove tool that appears when you mouse near to the vertex.
A data flow can be selected by clicking the Link options tool that appears when you mouse near to the link. Once selected you can edit its properties or add threats to it. Trust boundaries cannot be selected.
Data flows and trust boundaries can be deleted by clicking the red remove tool that appear when you mouse near to them.
Processes, data stores, actors and data flows can be marked as out of scope. You can use this for elements that are needed to help a diagram make sense, but for which you are not interested in creating threats. To help reviewers (and as a reminder for future-you) you can specify a reason why elements have been marked out of scope. Threat generation is disabled for these elements. Out of scope elements are indicated in diagrams with dashed lines:
Processes, data stores, actors and data flows that have open (unmitigated) threats are highlighted in red so that you know where to focus your attention:
Toggles gridlines on/off. When gridlines are on, elements snap to them for neater models.
Zooms the diagram in and out.
Clears all the elements from the model.
Reloads the diagram from the last save, discarding any changes.
Generates threats for the selected element using the threat generation rule engine.
Saves the threat model to your local browser storage.
To add threats to elements in your diagram, select an element and tap or click Edit Threats on the left side of the diagram editor. This will collapse the model element stencil and show the threats for the selected element. To add a new threat, tap or click
Threat Dragon is still working towards its first milestone - an alpha release. At this point, the threat generation rules so far are just a stub to prove the technical approach. A more fully functional rule set is planned for the beta release (milestone 2), as described in the roadmap. Threat Dragon's alpha release aims to provide a basic threat modelling experience, but for the time being, you are on your own in terms of identifying threats and mitigations.