OWASP / Threat Dragon Desktop

Licence: apache-2.0
Desktop variant of OWASP Threat Dragon

Projects that are alternatives of or similar to Threat Dragon Desktop

Glue
Application Security Automation
Stars: ✭ 412 (+677.36%)
Mutual labels:  owasp
Security Code Scan
Vulnerability Patterns Detector for C# and VB.NET
Stars: ✭ 550 (+937.74%)
Mutual labels:  owasp
Owasp Zap Glue Ci Images
Ready to use images of Zap and Glue, especially for CI integration.
Stars: ✭ 25 (-52.83%)
Mutual labels:  owasp
Juice Shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+11730.19%)
Mutual labels:  owasp
Zsc
OWASP ZSC - Shellcode/Obfuscate Code Generator
Stars: ✭ 536 (+911.32%)
Mutual labels:  owasp
Opendoor
OWASP WEB Directory Scanner
Stars: ✭ 586 (+1005.66%)
Mutual labels:  owasp
Maryam
Maryam: Open-source Intelligence(OSINT) Framework
Stars: ✭ 371 (+600%)
Mutual labels:  owasp
Nettacker
Automated Penetration Testing Framework
Stars: ✭ 982 (+1752.83%)
Mutual labels:  owasp
Owasp Web Checklist
OWASP Web Application Security Testing Checklist
Stars: ✭ 543 (+924.53%)
Mutual labels:  owasp
Threat Dragon Core
OWASP Threat Dragon core files
Stars: ✭ 24 (-54.72%)
Mutual labels:  owasp
Awesome Appsec
A curated list of resources for learning about application security
Stars: ✭ 4,761 (+8883.02%)
Mutual labels:  owasp
Owasp Vwad
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Stars: ✭ 487 (+818.87%)
Mutual labels:  owasp
Joomscan
OWASP Joomla Vulnerability Scanner Project
Stars: ✭ 640 (+1107.55%)
Mutual labels:  owasp
Dvna
Damn Vulnerable NodeJS Application
Stars: ✭ 463 (+773.58%)
Mutual labels:  owasp
Awesome Ethical Hacking Resources
🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.
Stars: ✭ 933 (+1660.38%)
Mutual labels:  owasp
Www Community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Stars: ✭ 409 (+671.7%)
Mutual labels:  owasp
Amass
In-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 6,284 (+11756.6%)
Mutual labels:  owasp
Express Security
nodejs + express security and performance boilerplate.
Stars: ✭ 37 (-30.19%)
Mutual labels:  owasp
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+1573.58%)
Mutual labels:  owasp
Dependency Track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+1254.72%)
Mutual labels:  owasp

Note that this repository has been migrated from Mike Goodwin's original, which has the issues and pull requests from March 2017 up to June 2020.

OWASP Threat Dragon

Threat Dragon is a free, open-source, cross-platform threat modeling application including system diagramming and a rule engine to auto-generate threats/mitigations. It is an OWASP Incubator Project and follows the values and principles of the threat modeling manifesto. The roadmap for the project is a great UX, a powerful rule engine and integration with other development lifecycle tools.

There is a good overview of threat modeling and risk assessment from OWASP, and this expands on what Threat Dragon will achieve:

  • designing the data flow diagram
  • automatically determining and ranking threats
  • suggested mitigations
  • entry of mitigations and countermeasures

The application comes in two variants; this repository contains the files for the desktop variant:

  1. A desktop application: This is based on Electron. There are installers available for both Windows and Mac OSX, as well as rpm and Debian packages for Linux. For the desktop variant, models are stored on the local filesystem.

  2. A web application: For the web application, model files are stored in GitHub (other storage will become available). We are currently maintaining a working prototype in sync with the main code branch.

End user help is available.

Install instructions are here.

In addition to the Threat Dragon graphical user interface, there is a command line interface for scripting and build pipelines.

Screenshots

Here are a few screenshots of the app to give you a feel for what it looks like. First, the welcome screen:

Welcome Screen

The diagramming screen:

Diagramming Screen

And the threat editing screen:

Threat Editing Screen

Contributing

Pull requests, feature requests, bug reports and feedback of any kind are very welcome; please refer to the page for contributors.

We are trying to keep the test coverage relatively high, so please try to update tests in any PRs and make PRs on the development branch. There are some developer notes in the core Threat Dragon repo to help get started with this project.

Vulnerability disclosure

If you find a vulnerability in this project, please let us know ASAP and we will fix it as a priority. For secure disclosure, please see the security policy.

Project leaders
