From cybersecurity-skills
Guides threat modeling with OWASP Threat Dragon: create DFDs, identify threats using STRIDE/LINDDUN, generate reports for secure design reviews.
```bash
npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills
```
OWASP Threat Dragon is an open-source threat modeling tool that enables security teams and developers to create threat model diagrams, identify threats using established methodologies (STRIDE, LINDDUN, CIA, DIE, PLOT4ai), and generate comprehensive reports. Threat Dragon runs as both a web application and desktop application (Windows, macOS, Linux), supporting distributed teams working collaboratively on threat models. Version 2.x provides drag-and-drop diagram creation, an auto-generation rule engine for threats and mitigations, and PDF report output for documentation and GRC compliance.
| STRIDE | Threat Type | Description | Example |
|---|---|---|---|
| S | Spoofing | Impersonating a user or system | Stolen session tokens |
| T | Tampering | Modifying data in transit or at rest | SQL injection altering records |
| R | Repudiation | Denying an action occurred | Missing audit logs |
| I | Information Disclosure | Exposing sensitive data | API returning excessive fields |
| D | Denial of Service | Making a service unavailable | Resource exhaustion attack |
| E | Elevation of Privilege | Gaining unauthorized access | Broken access control |
| LINDDUN | Threat Type | Description |
|---|---|---|
| L | Linkability | Associating data items across contexts |
| I | Identifiability | Identifying an individual from data |
| N | Non-repudiation | Inability to deny an action (privacy risk) |
| D | Detectability | Determining if data about a subject exists |
| D | Disclosure | Exposing personal information |
| U | Unawareness | User unaware of data collection |
| N | Non-compliance | Violating privacy regulations |
Desktop Application: Download the installer from the OWASP Threat Dragon releases page for Windows (.exe), macOS (.dmg), or Linux (.AppImage/.deb/.rpm).
Web Application (Docker):

```bash
docker run -p 3000:3000 \
  -e ENCRYPTION_JWT_SIGNING_KEY=$(openssl rand -hex 32) \
  -e ENCRYPTION_JWT_REFRESH_SIGNING_KEY=$(openssl rand -hex 32) \
  -e ENCRYPTION_KEYS='[{"isPrimary":true,"id":0,"value":"'$(openssl rand -hex 16)'"}]' \
  -e NODE_ENV=production \
  owasp/threat-dragon:latest
```
Before creating diagrams, document the scope:
In Threat Dragon, create a new threat model and add diagrams using the following DFD elements:

- **Processes:** Applications, microservices, API endpoints that transform data. Represented as circles/rounded rectangles.
- **Data Stores:** Databases, file systems, caches, message queues that persist data. Represented as parallel lines.
- **External Entities:** Users, external systems, third-party services outside the trust boundary. Represented as rectangles.
- **Data Flows:** Communication channels between elements showing data direction. Represented as arrows with labels describing the data.
- **Trust Boundaries:** Dashed lines separating zones of different trust levels (internet/DMZ/internal network, user/admin).
For each DFD element, apply the STRIDE methodology:
| Element Type | Applicable STRIDE Categories |
|---|---|
| External Entity | Spoofing, Repudiation |
| Process | Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege |
| Data Store | Tampering, Information Disclosure, DoS |
| Data Flow | Tampering, Information Disclosure, DoS |
Threat Dragon's rule engine automatically suggests threats based on element types. Review each suggestion and mark as:
For each open threat, document:
Threat Dragon produces PDF reports containing:
Threat Dragon uses JSON format for threat models, enabling version control and programmatic manipulation:

```json
{
  "version": "2.2.0",
  "summary": {
    "title": "E-Commerce Application",
    "owner": "Security Team",
    "description": "Threat model for the checkout flow"
  },
  "detail": {
    "contributors": [
      {"name": "Security Architect"}
    ],
    "diagrams": [
      {
        "id": 0,
        "title": "Checkout Flow",
        "diagramType": "STRIDE",
        "cells": []
      }
    ]
  }
}
```
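As an added example (not part of this skill or of Threat Dragon itself), the following Python reads a model in the JSON layout above and applies the element-to-STRIDE mapping table to report elements that have no threat recorded for an applicable category, plus the threats still marked open, which is the check a design reviewer wants before signing off. The `tm.*` element type strings, the threat `type`/`status` spellings and the sample cells are assumptions about the 2.x cell format, which the page does not show.

```python
import json

# Applicable STRIDE categories per element type, from the mapping table above.
# "tm.*" types and threat "type"/"status" spellings are assumed 2.x conventions.
APPLICABLE = {
    "tm.Actor": {"Spoofing", "Repudiation"},
    "tm.Process": {"Spoofing", "Tampering", "Repudiation", "Information disclosure",
                   "Denial of service", "Elevation of privilege"},
    "tm.Store": {"Tampering", "Information disclosure", "Denial of service"},
    "tm.Flow": {"Tampering", "Information disclosure", "Denial of service"},
}

def _cells(model):
    """Yield (element name, element type, threat list) for every diagram cell."""
    for diagram in model["detail"]["diagrams"]:
        for cell in diagram.get("cells", []):
            data = cell.get("data", {})
            yield data.get("name", cell.get("id")), data.get("type"), data.get("threats", [])

def coverage_gaps(model):
    """Element name -> applicable STRIDE categories with no threat recorded at all."""
    gaps = {}
    for name, etype, threats in _cells(model):
        expected = APPLICABLE.get(etype)  # None for trust boundaries and labels
        if expected is None:
            continue
        missing = sorted(expected - {t.get("type") for t in threats})
        if missing:
            gaps[name] = missing
    return gaps

def open_threats(model):
    """(element, title, severity) for every threat still 'Open' before sign-off."""
    return [(name, t.get("title"), t.get("severity"))
            for name, _, threats in _cells(model)
            for t in threats if t.get("status") == "Open"]

# Constructed sample in the page's model layout, with cells filled in.
SAMPLE_MODEL = json.loads("""{
 "version": "2.2.0", "summary": {"title": "E-Commerce Application"},
 "detail": {"contributors": [], "diagrams": [{"id": 0, "title": "Checkout Flow",
  "diagramType": "STRIDE", "cells": [
   {"id": "c1", "data": {"type": "tm.Actor", "name": "Customer", "threats": [
     {"type": "Spoofing", "title": "Stolen session token", "status": "Open", "severity": "High"}]}},
   {"id": "c2", "data": {"type": "tm.Store", "name": "Orders DB", "threats": [
     {"type": "Tampering", "title": "SQLi alters orders", "status": "Mitigated", "severity": "High"},
     {"type": "Information disclosure", "title": "Backup exposure", "status": "Open", "severity": "Medium"}]}},
   {"id": "c3", "data": {"type": "tm.Boundary", "name": "Internet"}}]}]}
}""")
```

Running `coverage_gaps` and `open_threats` on a model exported from Threat Dragon (`json.load` on the saved file) gives a quick gate for CI: fail the review if any applicable category is missing or any threat is still open.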
Threat Dragon participates in the CycloneDX Threat Model Bill of Materials (TMBOM) effort, enabling export to a common format that can be consumed by other threat modeling tools and GRC platforms, preventing vendor lock-in.