OWASP Threat Dragon
@threatdragon.bsky.social
Threat Dragon threat modeling tool from OWASP
owasp.org/www-project-threat-dragon/
owasp.org/www-project-threat-dragon/
Reposted by OWASP Threat Dragon
We released v18.0.0! It removes @nodejs.org 18.x support; mitigates local build issues w/ libxmljs; adds a new ⭐⭐⭐⭐⭐-challenge; adds a @defcon.bsky.social 33 theme for the @owasp.org collab w/ @blueteamvillage.bsky.social; fixes some bugs w/ telemetry, cats, and coupons! github.com/juice-shop/j...
Release v18.0.0 · juice-shop/juice-shop · GitHub
This release brings significant changes to existing challenges (⚡) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop! It also contains te...
github.com
June 17, 2025 at 5:29 AM
We released v18.0.0! It removes @nodejs.org 18.x support; mitigates local build issues w/ libxmljs; adds a new ⭐⭐⭐⭐⭐-challenge; adds a @defcon.bsky.social 33 theme for the @owasp.org collab w/ @blueteamvillage.bsky.social; fixes some bugs w/ telemetry, cats, and coupons! github.com/juice-shop/j...
Threat Dragon version 2.5 released:
github.com/OWASP/threat...
This release has some enhancements:
* Add demo models from the Threat Model Cookbook
* Multiple Diagrams: copy diagrams from the edit page
* Extend DIE to be CIA-DIE
* Updates to Portuguese translation
github.com/OWASP/threat...
This release has some enhancements:
* Add demo models from the Threat Model Cookbook
* Multiple Diagrams: copy diagrams from the edit page
* Extend DIE to be CIA-DIE
* Updates to Portuguese translation
August 20, 2025 at 12:36 PM
Threat Dragon version 2.5 released:
github.com/OWASP/threat...
This release has some enhancements:
* Add demo models from the Threat Model Cookbook
* Multiple Diagrams: copy diagrams from the edit page
* Extend DIE to be CIA-DIE
* Updates to Portuguese translation
github.com/OWASP/threat...
This release has some enhancements:
* Add demo models from the Threat Model Cookbook
* Multiple Diagrams: copy diagrams from the edit page
* Extend DIE to be CIA-DIE
* Updates to Portuguese translation
Reposted by OWASP Threat Dragon
Exciting news! 🚀 Join us at #OWASP Global #AppSec USA this November for a chance to become a mentor at our Meet the #Mentor event. Share your expertise, inspire future AppSec leaders, and be part of a thriving community.
Secure your spot here: owasp.wufoo.com/form...
Secure your spot here: owasp.wufoo.com/form...
August 18, 2025 at 5:43 PM
Exciting news! 🚀 Join us at #OWASP Global #AppSec USA this November for a chance to become a mentor at our Meet the #Mentor event. Share your expertise, inspire future AppSec leaders, and be part of a thriving community.
Secure your spot here: owasp.wufoo.com/form...
Secure your spot here: owasp.wufoo.com/form...
Reposted by OWASP Threat Dragon
The Developer Guide is now at version 4.1.9, with sunstantial changes to the application checklist:
github.com/OWASP/DevGui...
github.com/OWASP/DevGui...
Release Version 4.1.9 · OWASP/DevGuide
This version has large scale revisions to the checklists, which now follow more closely the later versions of the OWASP Secure Coding Practices quick reference guide.
In addition the checklists sec...
github.com
July 19, 2025 at 5:54 AM
The Developer Guide is now at version 4.1.9, with sunstantial changes to the application checklist:
github.com/OWASP/DevGui...
github.com/OWASP/DevGui...
The OWASP Developer Guide content has been migrated to the new site: devguide.owasp.org/
The DevGuide helps developers navigate the many OWASP projects and provides some advice along the way
The DevGuide helps developers navigate the many OWASP projects and provides some advice along the way
Introduction - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org
May 19, 2025 at 6:06 AM
The OWASP Developer Guide content has been migrated to the new site: devguide.owasp.org/
The DevGuide helps developers navigate the many OWASP projects and provides some advice along the way
The DevGuide helps developers navigate the many OWASP projects and provides some advice along the way
Reposted by OWASP Threat Dragon
We have now migrated the Spanish translation to the new site :
devguide.owasp.org/es/
devguide.owasp.org/es/
Introducción - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org
May 19, 2025 at 5:56 AM
We have now migrated the Spanish translation to the new site :
devguide.owasp.org/es/
devguide.owasp.org/es/
Reposted by OWASP Threat Dragon
Developer Guide version 4.1.8 has been released
The Developer Guide has been brought back in to original OWASP/DevGuide repo:
github.com/OWASP/DevGui...
The Developer Guide has been brought back in to original OWASP/DevGuide repo:
github.com/OWASP/DevGui...
github.com
May 3, 2025 at 12:20 PM
Developer Guide version 4.1.8 has been released
The Developer Guide has been brought back in to original OWASP/DevGuide repo:
github.com/OWASP/DevGui...
The Developer Guide has been brought back in to original OWASP/DevGuide repo:
github.com/OWASP/DevGui...
Threat Dragon version 2.4.1 released
This is a bug-fix release :
- Fix for unexpected label on Trust Boundary Box
- Fix of background for data flows and trust boundary curve labels
- priority level ‘TBA’ renamed to ‘TBD’
github.com/OWASP/threat...
This is a bug-fix release :
- Fix for unexpected label on Trust Boundary Box
- Fix of background for data flows and trust boundary curve labels
- priority level ‘TBA’ renamed to ‘TBD’
github.com/OWASP/threat...
Release Version 2.4.1 · OWASP/threat-dragon
What's Changed
Bug fix for unexpected label on Trust Boundary Box
Bug fix for data flows and trust boundary curve labels incorrectly displayed
priority level TBA renamed to TBD
Full Changelog: v2...
github.com
March 4, 2025 at 4:35 PM
Threat Dragon version 2.4.1 released
This is a bug-fix release :
- Fix for unexpected label on Trust Boundary Box
- Fix of background for data flows and trust boundary curve labels
- priority level ‘TBA’ renamed to ‘TBD’
github.com/OWASP/threat...
This is a bug-fix release :
- Fix for unexpected label on Trust Boundary Box
- Fix of background for data flows and trust boundary curve labels
- priority level ‘TBA’ renamed to ‘TBD’
github.com/OWASP/threat...
Threat Dragon version 2.4 released:
github.com/OWASP/threat...
This release has some new features such as:
* New threat priorities
* Create a new branch within a repository
* Provide TLS environment variables
* Export model diagrams as PNG, JPEG or SVG
and threat model diagram enhancements
github.com/OWASP/threat...
This release has some new features such as:
* New threat priorities
* Create a new branch within a repository
* Provide TLS environment variables
* Export model diagrams as PNG, JPEG or SVG
and threat model diagram enhancements
March 2, 2025 at 7:10 PM
Threat Dragon version 2.4 released:
github.com/OWASP/threat...
This release has some new features such as:
* New threat priorities
* Create a new branch within a repository
* Provide TLS environment variables
* Export model diagrams as PNG, JPEG or SVG
and threat model diagram enhancements
github.com/OWASP/threat...
This release has some new features such as:
* New threat priorities
* Create a new branch within a repository
* Provide TLS environment variables
* Export model diagrams as PNG, JPEG or SVG
and threat model diagram enhancements
ThreatModCon
The World’s Only Conference Dedicated To Threat Modeling
The conference is dedicated to providing a platform for threat modeling practitioners and AppSec leaders to delve into the latest trends & share best practices
www.threatmodcon.com
ThreatModCon | The World’s Only Conference Dedicated To Threat Modeling
The conference is dedicated to providing a platform for threat modeling practitioners and AppSec leaders to delve into the latest trends & share best practices.
threatmodcon.com
January 15, 2025 at 7:43 PM
ThreatModCon
The World’s Only Conference Dedicated To Threat Modeling
The conference is dedicated to providing a platform for threat modeling practitioners and AppSec leaders to delve into the latest trends & share best practices
www.threatmodcon.com
Reposted by OWASP Threat Dragon
🚀 Exciting news! Join the OWASP Global #AppSec EU event in Barcelona! Grab your Early Bird tickets now to save $$, connect with #cybersecurity experts, and boost your knowledge. Don't miss out on this opportunity: owasp.glueup.com/eve...
#devsecops #AI #threatmodeling #infosec #owaspglobalappsec
#devsecops #AI #threatmodeling #infosec #owaspglobalappsec
January 14, 2025 at 6:29 PM
🚀 Exciting news! Join the OWASP Global #AppSec EU event in Barcelona! Grab your Early Bird tickets now to save $$, connect with #cybersecurity experts, and boost your knowledge. Don't miss out on this opportunity: owasp.glueup.com/eve...
#devsecops #AI #threatmodeling #infosec #owaspglobalappsec
#devsecops #AI #threatmodeling #infosec #owaspglobalappsec
Reposted by OWASP Threat Dragon
Developer Guide version 4.1.7 has been released
A minor change that uses project names for all section headers:
github.com/OWASP/www-pr...
A minor change that uses project names for all section headers:
github.com/OWASP/www-pr...
Release Version 4.1.7 · OWASP/www-project-developer-guide
Uses project names for all section headers
See the latest web document or download the document in PDF format or as an e-book.
github.com
January 15, 2025 at 9:34 AM
Developer Guide version 4.1.7 has been released
A minor change that uses project names for all section headers:
github.com/OWASP/www-pr...
A minor change that uses project names for all section headers:
github.com/OWASP/www-pr...
A special thanks to Mohamed El-Bohy
for adding the ‘threats by context’ and ‘threats by element’ as part of his successful Google Summer of Code project
for adding the ‘threats by context’ and ‘threats by element’ as part of his successful Google Summer of Code project
December 7, 2024 at 2:07 PM
A special thanks to Mohamed El-Bohy
for adding the ‘threats by context’ and ‘threats by element’ as part of his successful Google Summer of Code project
for adding the ‘threats by context’ and ‘threats by element’ as part of his successful Google Summer of Code project
Threat Dragon version 2.3 released:
github.com/OWASP/threat...
a bit delayed from the initial date of September 2024
github.com/OWASP/threat...
a bit delayed from the initial date of September 2024
Release Version 2.3.0 · OWASP/threat-dragon
What's Changed
suggest threats by element
suggest threats by context
added google sign-in feature
new translation for Bahasa Indonesia
new translation for Malay
new translation for Japanese
improv...
github.com
December 7, 2024 at 2:06 PM
Threat Dragon version 2.3 released:
github.com/OWASP/threat...
a bit delayed from the initial date of September 2024
github.com/OWASP/threat...
a bit delayed from the initial date of September 2024
Reposted by OWASP Threat Dragon
Many thanks to Trevor Young from @securitycompass for presenting his talk "Security by Design, Not Injection" at the OWASP London Chapter Meetup last Monday!
The recording of the talk is now available to watch 📺 on the OWASP London YouTube Channel [please subscribe!]:👇
youtu.be/KCZfJ-60kWE?...
The recording of the talk is now available to watch 📺 on the OWASP London YouTube Channel [please subscribe!]:👇
youtu.be/KCZfJ-60kWE?...
Security by Design, Not Injection – Trevor Young
YouTube video by OWASP London
youtu.be
November 30, 2024 at 8:18 PM
Many thanks to Trevor Young from @securitycompass for presenting his talk "Security by Design, Not Injection" at the OWASP London Chapter Meetup last Monday!
The recording of the talk is now available to watch 📺 on the OWASP London YouTube Channel [please subscribe!]:👇
youtu.be/KCZfJ-60kWE?...
The recording of the talk is now available to watch 📺 on the OWASP London YouTube Channel [please subscribe!]:👇
youtu.be/KCZfJ-60kWE?...
Threat Dragon version 2.3.0 is at pre-release, the final block is getting the windows installer code-signed
everything else is in place for MacOS, Linux, Docker, web, Snap
everything else is in place for MacOS, Linux, Docker, web, Snap
November 29, 2024 at 3:30 PM
Threat Dragon version 2.3.0 is at pre-release, the final block is getting the windows installer code-signed
everything else is in place for MacOS, Linux, Docker, web, Snap
everything else is in place for MacOS, Linux, Docker, web, Snap
version 2.3.0 is stuck on MacOS notarization and Windows application code signing
hence the delay of the release originally planned for October
but we are working on it
hence the delay of the release originally planned for October
but we are working on it
November 21, 2024 at 5:13 PM
version 2.3.0 is stuck on MacOS notarization and Windows application code signing
hence the delay of the release originally planned for October
but we are working on it
hence the delay of the release originally planned for October
but we are working on it
Reposted by OWASP Threat Dragon
My talk at Threat Modeling Connect's ThreatModCon Lisbon 2024 was on Inherent Threats and how we manage them.
https://shostack.org/blog/inherent-threats-threatmodcon/
https://shostack.org/blog/inherent-threats-threatmodcon/
July 3, 2024 at 8:46 AM
My talk at Threat Modeling Connect's ThreatModCon Lisbon 2024 was on Inherent Threats and how we manage them.
https://shostack.org/blog/inherent-threats-threatmodcon/
https://shostack.org/blog/inherent-threats-threatmodcon/
Reposted by OWASP Threat Dragon
I have created a Blue Sky starter pack for @OWASP associated people here. Let me know if you are an #OWASP chapter leader, project leader, committee member, staff member, volunteer, etc and you want to be added, DM me or respond here.
go.bsky.app/Ks4c9Va
go.bsky.app/Ks4c9Va
OWASP Starter Pack
Join the conversation
go.bsky.app
November 20, 2024 at 6:30 AM
I have created a Blue Sky starter pack for @OWASP associated people here. Let me know if you are an #OWASP chapter leader, project leader, committee member, staff member, volunteer, etc and you want to be added, DM me or respond here.
go.bsky.app/Ks4c9Va
go.bsky.app/Ks4c9Va