performing-threat-modeling-with-owasp-threat-dragon

Solid

Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies, and generate threat model reports for secure design review.

AI & Automation 23 stars 6 forks Updated 4 weeks ago MIT

Quality Score: 80/100

Stars (20%): 46
Recency (20%): 90
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Performing Threat Modeling with OWASP Threat Dragon

## Overview

OWASP Threat Dragon is an open-source threat modeling tool that enables security teams and developers to create threat model diagrams, identify threats using established methodologies (STRIDE, LINDDUN, CIA, DIE, PLOT4ai), and generate comprehensive reports. Threat Dragon runs as both a web application and a desktop application (Windows, macOS, Linux), supporting distributed teams working collaboratively on threat models. Version 2.x provides drag-and-drop diagram creation, an auto-generation rule engine for threats and mitigations, and PDF report output for documentation and GRC compliance.

## When to Use

- When conducting security assessments that involve performing threat modeling with OWASP Threat Dragon
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- OWASP Threat Dragon desktop application or web instance
- Understanding of data flow diagram (DFD) notation
- Familiarity with STRIDE or LINDDUN threat classification
- Application architecture documentation and network diagrams
- Stakeholder access for design review sessions

## Threat Modeling Methodologies

### STRIDE

| Category | Threat Type | Description | Example |
|----------|-------------|-------------|---------|
| S | Spoofing | Impersonating a user or system | Stolen session...

Details

Author: plurigrid
Repository: plurigrid/asi
Created: 5 months ago
Last Updated: 4 weeks ago
Language: HTML
License: MIT
