OWASP Threat Dragon

⚙️ OWASP Threat Dragon setup
If you didn't set up the threat-modelling profile's infrastructure, please do so by running the command docker-compose --profile threat-modelling up.

Access this link to interact with the application's web user interface.

📚 OWASP Threat Dragon documentation
The OWASP Threat Dragon documentation is available here.

Creating a threat model

  1. Access your local OWASP Threat Dragon user interface from the browser. If you have issues with the deployment of this container, please use the publicly available demo instance.
  2. Create a new, empty threat model.
  3. Fill in the details of the threat model.
  4. Create a new STRIDE diagram.
  5. Save the details of the threat model and start editing the STRIDE diagram.
  6. Use processes, stores, actors, and data flows from the left panel to model the behavior of Ubuntu Portrait. You can use the architectural diagram as a starting point.
  7. Use the specific elements from the left panel to draw the trust boundaries.
  8. For each component of the threat model, identify what actions an attacker can take to damage the security of Ubuntu Portrait.
  9. For each identified threat, create a new entry by selecting the affected component and using the bottom-left panel to enter its details.
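
To keep steps 8 and 9 systematic, the following added example (not part of the original page and not Threat Dragon's own code) builds a per-element STRIDE worklist and lists data flows that cross a trust boundary first. The element names, the trust zones and the `Element` and `worklist` helpers are assumptions made for illustration; the category mapping is the common STRIDE-per-element chart.

```python
# Added example: STRIDE worklist for steps 8 and 9 (not Threat Dragon code).
from dataclasses import dataclass

# Common STRIDE-per-element chart for the four element kinds in the left panel.
# Treat it as a starting checklist, not a limit on what to consider.
STRIDE_PER_ELEMENT = {
    "actor": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
                "Denial of service", "Elevation of privilege"],
    "store": ["Tampering", "Repudiation", "Information disclosure",
              "Denial of service"],
    "flow": ["Tampering", "Information disclosure", "Denial of service"],
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str       # "actor", "process", "store" or "flow"
    zone: str = ""  # trust zone the element sits in (not used for flows)
    src: str = ""   # flows only: name of the source element
    dst: str = ""   # flows only: name of the destination element

def worklist(elements):
    """Return (element, category, crosses_boundary) rows; boundary-crossing flows first."""
    zones = {e.name: e.zone for e in elements if e.kind != "flow"}
    rows = []
    for e in elements:
        if e.kind not in STRIDE_PER_ELEMENT:
            raise ValueError(f"unknown element kind: {e.kind!r}")
        crosses = False
        if e.kind == "flow":
            if e.src not in zones or e.dst not in zones:
                raise ValueError(f"flow {e.name!r} has an endpoint that is not in the model")
            crosses = zones[e.src] != zones[e.dst]
        rows += [(e.name, cat, crosses) for cat in STRIDE_PER_ELEMENT[e.kind]]
    return sorted(rows, key=lambda r: not r[2])  # stable: keeps diagram order otherwise

# Constructed sample model; placeholder names, not Ubuntu Portrait's real architecture.
SAMPLE = [
    Element("User", "actor", zone="internet"),
    Element("Web app", "process", zone="server"),
    Element("Database", "store", zone="server"),
    Element("HTTP request", "flow", src="User", dst="Web app"),
    Element("SQL query", "flow", src="Web app", dst="Database"),
]

if __name__ == "__main__":
    for name, category, crosses in worklist(SAMPLE):
        flag = "  [crosses trust boundary]" if crosses else ""
        print(f"{name}: {category}{flag}")
```

Each row is a prompt for one threat entry in the bottom-left panel; rows that do not apply to the component can be discarded.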