Threat Dragon is an open-source threat modelling tool from OWASP. It comes as an Electron based installable desktop app for OSX and Windows (Linux coming soon) or a web application. The desktop app saves your threat models on your local file system, but the online version stores its files in GitHub. This means that to use web app you have to sign in with a GitHub account and give it write access to your public repos. Other than that, the user experience is currently almost identical between the web and desktop variants. In the future, there will be deeper integration with GitHub (and other code repositories).

Threat Dragon is currently in the early stages of development (an OWASP incubator project) so there might be some bugs.

OWASP logo

Downloading the installable desktop application.

Getting started with Threat Dragon for the first time.

How to work with diagrams for your threat model .

A description of the rules used for threat generation.

Downloading the desktop app

The following installable versions are available for download from GitHub:

  • Windows (64 bit)
  • OSX

Getting started

Creating a new model

Web application

The Threat Dragon web variant stores its threat models in your GitHub repos. This is so that the models can stay close to the code they are modelling. Future versions will provide a deeper integration so watch this space but for now, when you login to Threat Dragon for the first time and hit you will see the Welcome page. To get started with your threat model click or tap

You will then be presented with a list of your GitHub repositories. Pick the one where you want to store your new model. If you have more than 30 repos you might have to page through them until you find the one you want. Once you have picked your target repo, you will be asked to pick a branch. Again, if you have more than 30 branches you might need to page. When you pick a branch you will be taken to the threat model edit page where you can enter general information about your model.

Desktop application

The Threat Dragon desktop variant stores its threat models on your local filesystem. To get started with your threat model click or tap

You will then be taken straight to the threat model edit page where you you can enter general information about your model.

Threat model edit page

The Title field is mandatory. All the rest are optional, but they provide context for your model. This can be useful if someone else has to pick the model up in the future. Although only the Title field is mandatory, your model will a be pretty useless without Diagrams. Add some diagrams to your model by clicking or tapping

Add a new diagram...

Name your diagram and then click or tap Add to confirm or Cancel if you change your mind

At this stage you are just listing the diagrams and naming them. You add all the diagram elements later.

Once you have entered all the details you need, click or tap Save. You can also Cancel to exit without saving, or Reload to undo any changes and revert to your last save.

In the web variant oif Threat Dragon, models are saved in your chosen branch at a path like ThreatDragonModels/[model name]/[model title].json. Look at the Demo Threat Model for an example. Because of this, if you change title of your model it will delete the old model in GitHub and replace it with one at the new path. This does not apply to the desktop variant.

Congratulations! You have got the basics done. Next step...mapping out your system in a diagram.

Loading a demo model

If you are wondering how to start, you can load a sample threat model. On the welcome page, to download the sample, click or tap

This should give you some ideas on how to get started with your own model. This works for both the web and desktop variants.

Opening an existing model

Web application

If you have a repository that already has threat models, you can open them by clicking or tapping

You will then be able to select a repo and branch and finally you will be able to choose from a list of models.

Desktop application

If you have an existing model file saved locally, you can open it by clicking or tapping

You will then be able to find the model file in your local file system and open it.

Threat model diagrams

Diagram title

To edit the diagram title, click or tap the icon towards the top right of the diagram editor. When you have edited it, tap or click

to save your change, or

to cancel and discard your change.

Processes, data stores and actors

Add model elements to your diagram by clicking or tapping the relevant shape in the stencil on the left side of the diagram editor. Once added they can be selected by clicking them to see their properties and threats and dragged around the diagram. to delete an element, first select it and then click on the red icon it the elements top left corner...

image showing the element delete tool

Data flows and trust boundaries

Data flows and trust boundaries can be added to the diagram by clicking their shape in the stencil on the left side of the diagram editor. Once added, their ends can be dragged around the diagram. To connect the end of a data flow to a process, data store or actor, you can drag one of its ends onto the element.

An easier way to draw data flows between elements is to select your first element, then click the grey link tool, next to the red remove tool near the top right of the selected element. This turns the link tool green. Then, when you click another element, a new data flow will be created, linking the first element to the second.

element link tool

Extra vertices can be added by clicking at some point on the line. These new vertices can also be dragged to position the data flow or trust boundary. Vertices can be removed by clicking the remove tool that appears when you mouse near to the vertex.

vertex remove tool

A data flow can be selected by clicking the Link options tool that appears when you mouse near to the link. Once selected you can edit its properties or add threats to it. Trust boundaries cannot be selected.

flow select tool

Data flows and trust boundaries can be deleted by clicking the red remove tool that appear when you mouse near to them.

flow remove tool

Out of scope elements

Processes, data stores, actors and data flows can be marked as out of scope. You can use this for elements that are needed to help a diagram make sense, but for which you are not interested in creating threats. To help reviewers (and as a reminder for future-you) you can specify a reason why elements have been marked out of scope. Threat generation is disabled for these elements. Out of scope elements are indicated in diagrams with dashed lines:

out of scope elements with dashed lines

Elements with open threats

Processes, data stores, actors and data flows that have open (unmitigated) threats are highlighted in red so that you know where to focus your attention:

elements with open threats are red

Editing toolbar

The toolbar on the diagram editing page supports some general diagramming features:

Toggles gridlines on/off. When gridlines are on, elements snap to them for neater models.

Cancels the edit and returns to the threat model details view.

Zooms the diagram in and out.

Clears all the elements from the model.

Reloads the diagram from the last save, discarding any changes.

Generates threats for the selected element using the threat generation rule engine.

Saves the threat model to your local browser storage.

Element properties

To edit the properties of a model element, first select it. The element properties are shown on the right side of the diagram editor. In a future version of Threat Dragon, these properties will be used by the threat generation engine to suggest threats and mitigations for your model.

Adding and editing threats

To add threats to elements in your diagram, select an element and tap or click Edit Threats on the left side of the diagram editor. This will collapse the model element stencil and show the threats for the selected element. To add a new threat, tap or click

Enter the details for your threat in the threat dialog. The Title and STRIDE Threat Type are mandatory. When you are done, hit Save. Your new threat should appear. To edit it again, tap or click its title.

Threat generation rules

Threat Dragon is still working towards its first milestone - an alpha release. At this point, the threat generation rules so far are just a stub to prove the technical approach. A more fully functional rule set is planned for the beta release (milestone 2), as described in the roadmap. Threat Dragon's alpha release aims to provide a basic threat modelling experience, but for the time being, you are on your own in terms of identifying threats and mitigations.