In this fire-breathing edition of the Exploring Information Security podcast, I talk to Mike Goodwin the project lead of the OWASP Threat Dragon.
Mike (@theblacklabguy) joins me to discuss his OWASP project Threat Dragon. The project is meant to give developers an easy use tool for performing threat modeling. The project is built on NodeJS and AngularJS. It has a slick easy-to-use interface and Github integration. His roadmap for the project include Bitbucket integration and a rule engine that will help with threat modeling.
In this episode we discuss:
- What is threat modeling?
- What led to the idea of Threat Dragon?
- How does someone get started with the tool?
- What's the effort on a project like this? (mike[dot]goodwing[at]owasp[dot]org to help)
More resources:
- Threat Modeling: Designing for Security by Adam Shostack