Audience

Threat Modeling solution for organizations

About OWASP Threat Dragon

OWASP Threat Dragon is a modeling tool used to create threat model diagrams as part of a secure development lifecycle. Threat Dragon follows the values and principles of the threat modeling manifesto. It can be used to record possible threats and decide on their mitigations, as well as giving a visual indication of the threat model components and threat surfaces. Threat Dragon runs either as a web application or a desktop application. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

ThreatLocker
ThreatLocker
(11 Ratings)
For IT Professionals to stop ransomware and other cyberattacks, you need to do more than just hunt for threats. ThreatLocker helps you reduce your surface areas of attack with Zero Trust policy-driven endpoint security solutions. Now you can change the paradigm from only blocking known threats, to blocking everything that you have not explicitly allowed. ThreatLocker Application Allowlisting is the gold standard when it comes to blocking ransomware, viruses, and other software-based threats. Discover today the ThreatLocker suite of Zero Trust endpoint security solutions: Allowlisting, Ringfencing, Elevation Control, Storage Control, Network Control, Unified Audit, ThreatLocker Ops, Community, Configuration Manager and Health Center. 
Learn more
Threagile
Threagile
Threagile enables teams to execute Agile Threat Modeling as seamless as possible, even highly-integrated into DevSecOps environments. Threagile is the open-source toolkit which allows to model an architecture with its assets in an agile declarative fashion as a YAML file directly inside the IDE or any YAML editor. Upon execution of the Threagile toolkit a set of risk-rules execute security checks against the architecture model and create a report with potential risks and mitigation advice. Also nice-looking data-flow diagrams are automatically created as well as other output formats (Excel and JSON). The risk tracking can also happen inside the Threagile YAML model file, so that the current state of risk mitigation is reported as well. Threagile can either be run via the command-line (also a Docker container is available) or started as a REST-Server.
Learn more
IriusRisk
IriusRisk
IriusRisk is the industry's leading threat modeling and secure design solution in Application Security. With enterprise clients including Fortune 500 banks, payments, and technology providers, it empowers security and development teams to ensure applications have security built-in from the start - using its powerful threat modeling platform. Whether teams are implementing threat modeling from scratch, or scaling-up their existing operations, the IriusRisk approach results in improved speed-to-market, collaboration across security and development teams, and the avoidance of costly security flaws.
Learn more
Fortinet FortiWeb Web Application Firewall
Fortinet FortiWeb Web Application Firewall
(1 Rating)
Unprotected web applications and APIs are the easiest point of entry for hackers and vulnerable to a number of attack types. FortiWeb's AI-enhanced and multi-layered approach protects your web apps from the OWASP Top 10 and more. FortiWeb ML customizes the protection of each application, providing robust protection without requiring the time-consuming manual tuning required by other solutions. With ML, FortiWeb identifies anomalous behavior and, more importantly, distinguishes between malicious and benign anomalies. The solution also features robust bot mitigation capabilities, allowing benign bots to connect (e.g. search engines) while blocking malicious bot activity. FortiWeb also features API discovery and security, as well as threat analytics to identify meaningful security incidents. FortiWeb is available as an appliance, VM, and fully featured WAF-as-a-Service - which is available to trial and purchase in most cloud marketplaces.
Learn more

Integrations

API:
Yes, OWASP Threat Dragon offers API access
See Integrations

Ratings/Reviews

Overall 0.0 / 5
ease 0.0 / 5
features 0.0 / 5
design 0.0 / 5
support 0.0 / 5

This software hasn't been reviewed yet. Be the first to provide a review:

Review this Software

Company Information

OWASP
Founded: 2001
United States
owasp.org/www-project-threat-dragon/

Videos and Screen Captures

OWASP Threat Dragon Screenshot 1
OWASP Threat Dragon Screenshot 1
You Might Also Like
tigerlab is a global insurtech offering an API-driven insurance software solution Icon
tigerlab is a global insurtech offering an API-driven insurance software solution

Our insurance software solution helps your business to offer a digital experience for your customers and system users.

Tigerlab insurance software is a powerful, modular, and easily integrated system, built for you on cutting edge technologies. Simplifying complex processes and allowing for automation and configurability, it performs seamlessly on all digital platforms. Our unique business model allows you to invest in best-of-breed solution through a low-risk partnership. Returns are guaranteed whether you choose our individual modules or go full-suite.
Learn More

Product Details

Platforms Supported
SaaS
Training
Videos
Support
Online

OWASP Threat Dragon Frequently Asked Questions

Q: What kinds of users and organization types does OWASP Threat Dragon work with?
Q: What languages does OWASP Threat Dragon support in their product?
Q: What kind of support options does OWASP Threat Dragon offer?
Q: What other applications or services does OWASP Threat Dragon integrate with?
Q: Does OWASP Threat Dragon have an API?
Q: What type of training does OWASP Threat Dragon provide?

OWASP Threat Dragon Product Features