OWASP Threat Dragon Description
OWASP Threat Dragon serves as a modeling tool designed for creating diagrams that represent potential threats within a secure development lifecycle. Adhering to the principles of the threat modeling manifesto, Threat Dragon enables users to document potential threats and determine appropriate mitigation strategies, while also providing a visual representation of the various components and surfaces related to the threat model. This versatile tool is available as both a web-based application and a desktop version. The Open Web Application Security Project (OWASP) is a nonprofit organization dedicated to enhancing software security, and all of its projects, tools, documents, forums, and chapters are accessible for free to anyone eager to improve application security practices. By facilitating collaboration and knowledge sharing, OWASP encourages a community-focused approach to achieving higher security standards in software development.
OWASP Threat Dragon Alternatives
ThreatLocker
ThreatLocker is a Zero Trust security platform that stops cyber threats by allowing only approved applications and activity to run. It removes standing admin rights, enforces least privilege, and gives organizations precise control over software behavior. With capabilities like application control, ringfencing, and device and storage restrictions, it prevents ransomware, zero day exploits, and unauthorized actions before they can execute.
Purpose built for IT and security teams, ThreatLocker offers centralized management and full visibility across endpoints, users, and applications. It helps shrink the attack surface, restrict lateral movement, and meet compliance requirements with detailed auditing. Quick to deploy and easy to manage, the platform includes a large maintained application library and simplified approval workflows, enabling stronger security with less operational burden while keeping the business running smoothly.
Learn more
Criminal IP ASM
Criminal IP's Attack Surface Management (ASM) is an intelligence-driven platform designed to continuously identify, catalog, and oversee all internet-connected assets linked to an organization, including overlooked and shadow resources, enabling teams to understand their actual external exposure from the perspective of potential attackers. This solution integrates automated asset detection with open-source intelligence (OSINT) methods, artificial intelligence enhancements, and sophisticated threat intelligence to reveal exposed hosts, domains, cloud services, IoT devices, and other internet-facing entry points, while also collecting evidence such as screenshots and metadata, and linking findings to known vulnerabilities and attacker techniques. By evaluating exposures through the lens of business relevance and risk, ASM emphasizes vulnerable elements and misconfigurations, providing instantaneous alerts and interactive dashboards that facilitate quicker investigations and remediation efforts. Furthermore, this comprehensive tool empowers organizations to proactively manage their security posture, ensuring that they remain vigilant against emerging threats.
Learn more
Devici
Devici is a platform that helps teams move from inconsistent, document-based threat modeling to a clearer, more structured approach. It centers the work on a diagram, so AppSec and DevSecOps teams can map system behavior, add relevant attributes, and let the tool surface likely threats and recommended mitigations. This reduces the time spent interpreting static drawings or spreadsheets and gives teams a shared source of truth they can update as designs change.
The workspace supports simultaneous editing, patterns for common system components, and templates that speed up modeling for recurring architectures. Security practitioners can define reusable elements, while developers can contribute without needing deep expertise in threat modeling tools.
Devici also provides a maintained threat library, status tracking for each finding, and the option to integrate with issue trackers when teams need to push mitigation work into existing workflows. It offers a straightforward way to standardize threat modeling practices without introducing the overhead of heavier enterprise platforms, making it a practical option for organizations that need something accessible, collaborative, and easy to maintain.
Learn more
IriusRisk
IriusRisk is an open Threat Modeling platform that can be used by any development and operations team – even those without prior security training. Whether your organization follows a framework or not, we can work with all the threat modeling methodologies, such as STRIDE, TRIKE, OCTAVE and PASTA. We support organisations in financial services, insurance, industrial automation, healthcare, private sector and more.
IriusRisk is the industry's leading threat modeling and secure design solution in Application Security. With enterprise clients including Fortune 500 banks, payments, and technology providers, it empowers security and development teams to ensure applications have security built-in from the start - using its powerful threat modeling platform.
Whether teams are implementing threat modeling from scratch, or scaling-up their existing operations, the IriusRisk approach results in improved speed-to-market, collaboration across security and development teams, and the avoidance of costly security flaws.
Learn more
Company Details
Company:
OWASP
Year Founded:
2001
Headquarters:
United States
Website:
owasp.org/www-project-threat-dragon/
Media
Recommended Products
Agentic AI SRE built for Engineering and DevOps teams.
NeuBird AI's agentic AI SRE delivers autonomous incident resolution, helping team cut MTTR up to 90% and reclaim engineering hours lost to troubleshooting.
Product Details
Platforms
Web-Based
Types of Training
Training Videos
Customer Support
Online Support
OWASP Threat Dragon Features and Options
OWASP Threat Dragon User Reviews
Write a Review- Previous
- Next
