OWASP Threat Dragon

So @ElarLang just published version 5.0.0 of OWASP ASVS, live on stage at @OWASP Global AppSec EU Barcelona 2025!

Release v18.0.0 · juice-shop/juice-shop · GitHub This release brings significant changes to existing challenges (⚡) which might break canned CTF setups as well as solution guides made for previous versions of OWASP Juice Shop! It also contains te...

We released v18.0.0! It removes @nodejs.org 18.x support; mitigates local build issues w/ libxmljs; adds a new ⭐⭐⭐⭐⭐-challenge; adds a @defcon.bsky.social 33 theme for the @owasp.org collab w/ @blueteamvillage.bsky.social; fixes some bugs w/ telemetry, cats, and coupons! github.com/juice-shop/j...

Threat Dragon version 2.5 released:
github.com/OWASP/threat...
This release has some enhancements:
* Add demo models from the Threat Model Cookbook
* Multiple Diagrams: copy diagrams from the edit page
* Extend DIE to be CIA-DIE
* Updates to Portuguese translation

Exciting news! 🚀 Join us at #OWASP Global #AppSec USA this November for a chance to become a mentor at our Meet the #Mentor event. Share your expertise, inspire future AppSec leaders, and be part of a thriving community.

Secure your spot here: owasp.wufoo.com/form...

Release Version 4.1.9 · OWASP/DevGuide This version has large scale revisions to the checklists, which now follow more closely the later versions of the OWASP Secure Coding Practices quick reference guide. In addition the checklists sec...

The Developer Guide is now at version 4.1.9, with sunstantial changes to the application checklist:
github.com/OWASP/DevGui...

The OWASP Developer Guide content has been migrated to the new site: devguide.owasp.org/
The DevGuide helps developers navigate the many OWASP projects and provides some advice along the way

We have now migrated the Spanish translation to the new site :
devguide.owasp.org/es/

Developer Guide version 4.1.8 has been released
The Developer Guide has been brought back in to original OWASP/DevGuide repo:
github.com/OWASP/DevGui...

Threat Dragon version 2.4.1 released
This is a bug-fix release :
- Fix for unexpected label on Trust Boundary Box
- Fix of background for data flows and trust boundary curve labels
- priority level ‘TBA’ renamed to ‘TBD’
github.com/OWASP/threat...

Threat Dragon version 2.4 released:
github.com/OWASP/threat...
This release has some new features such as:
* New threat priorities
* Create a new branch within a repository
* Provide TLS environment variables
* Export model diagrams as PNG, JPEG or SVG
and threat model diagram enhancements

ThreatModCon | The World’s Only Conference Dedicated To Threat Modeling The conference is dedicated to providing a platform for threat modeling practitioners and AppSec leaders to delve into the latest trends & share best practices.

ThreatModCon
The World’s Only Conference Dedicated To Threat Modeling
The conference is dedicated to providing a platform for threat modeling practitioners and AppSec leaders to delve into the latest trends & share best practices
www.threatmodcon.com

🚀 Exciting news! Join the OWASP Global #AppSec EU event in Barcelona! Grab your Early Bird tickets now to save $$, connect with #cybersecurity experts, and boost your knowledge. Don't miss out on this opportunity: owasp.glueup.com/eve...

#devsecops #AI #threatmodeling #infosec #owaspglobalappsec

Release Version 4.1.7 · OWASP/www-project-developer-guide Uses project names for all section headers See the latest web document or download the document in PDF format or as an e-book.

Developer Guide version 4.1.7 has been released
A minor change that uses project names for all section headers:
github.com/OWASP/www-pr...

A special thanks to Mohamed El-Bohy
for adding the ‘threats by context’ and ‘threats by element’ as part of his successful Google Summer of Code project

Release Version 2.3.0 · OWASP/threat-dragon What's Changed suggest threats by element suggest threats by context added google sign-in feature new translation for Bahasa Indonesia new translation for Malay new translation for Japanese improv...

Threat Dragon version 2.3 released:
github.com/OWASP/threat...
a bit delayed from the initial date of September 2024

Security by Design, Not Injection – Trevor Young YouTube video by OWASP London

Many thanks to Trevor Young from @securitycompass for presenting his talk "Security by Design, Not Injection" at the OWASP London Chapter Meetup last Monday!
The recording of the talk is now available to watch 📺 on the OWASP London YouTube Channel [please subscribe!]:👇
youtu.be/KCZfJ-60kWE?...

Threat Dragon version 2.3.0 is at pre-release, the final block is getting the windows installer code-signed
everything else is in place for MacOS, Linux, Docker, web, Snap

version 2.3.0 is stuck on MacOS notarization and Windows application code signing
hence the delay of the release originally planned for October
but we are working on it

My talk at Threat Modeling Connect's ThreatModCon Lisbon 2024 was on Inherent Threats and how we manage them.

https://shostack.org/blog/inherent-threats-threatmodcon/

OWASP Starter Pack Join the conversation

I have created a Blue Sky starter pack for @OWASP associated people here. Let me know if you are an #OWASP chapter leader, project leader, committee member, staff member, volunteer, etc and you want to be added, DM me or respond here.

go.bsky.app/Ks4c9Va

Could Threat Dragon be added? Thanks