OWASP Threat Dragon

An open-source threat modeling tool from OWASP.

Overview

OWASP Threat Dragon is a free and open-source threat modeling tool designed to be simple and accessible. It allows users to create data flow diagrams (DFDs), record potential threats and their mitigations, and provide a visual representation of the system's attack surface. It supports methodologies like STRIDE and LINDDUN and is available as both a web and desktop application.

✨ Key Features

  • Data Flow Diagram (DFD) creation
  • Threat generation based on methodologies (STRIDE, LINDDUN, CIA, etc.)
  • Web and Desktop versions
  • Integration with code repositories (GitHub, GitLab, Bitbucket)
  • Open-source and free to use

🎯 Key Differentiators

  • Cross-platform (Web and Desktop for Windows, macOS, Linux).
  • Direct integration with multiple Git providers.
  • Actively maintained OWASP project.

Unique Value: Threat Dragon provides a completely free, open-source, and accessible way to create and manage threat models, with the unique ability to store them directly within your code repositories.

🎯 Use Cases (4)

  • Threat modeling for individuals and small teams
  • Learning and teaching threat modeling concepts
  • Integrating threat models directly into code repositories
  • Open-source project security

✅ Best For

  • Creating and storing threat models alongside source code in GitHub.
  • Providing a no-cost threat modeling solution for budget-constrained teams.
  • Visualizing system architecture to identify potential security weaknesses.

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Large enterprises requiring automated compliance reporting, advanced analytics, and dedicated support.

🏆 Alternatives

  • Microsoft Threat Modeling Tool
  • IriusRisk Community Edition

Compared with the Microsoft Threat Modeling Tool (TMT), Threat Dragon offers broader platform support (web and all major desktop OS) and more repository integrations. It also provides a more user-friendly interface for those new to threat modeling.

💻 Platforms

  • Web
  • Desktop

✅ Offline Mode Available

🔌 Integrations

  • GitHub
  • GitLab
  • Bitbucket

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: The tool is completely free and open-source.
