| layout | title | tags | level | type | pitch |
|---|---|---|---|---|---|
| col-sidebar | OWASP Threat Modeling Project | threatmodeling | 2 | documentation | Central repository of threat modeling information, techniques, and methodologies |
This is a documentation project. We provide information on threat modeling techniques for applications of all types, with a focus on current and emerging techniques.
Most threat modeling techniques answer one or more of the following questions:
- What are we working on?
- What can go wrong?
- What are we going to do about that?
- Did we do a good enough job?
This project will gather techniques, methodologies, tools and examples. We will group these using the four questions. This will allow people to easily find advice they can use.
Example: if you are looking for different diagramming techniques, you will want to look for all the techniques answering the question "What are we working on?"
This project follows a number of principles that all contributions must adhere to:
- We are vendor, methodology and tool independent: we strive to have examples in as many methodologies and/or tools as possible.
- Open discussion is promoted: all topics are open for discussion with just one rule: don't be a jerk. If you feel information is lacking or missing, let us know via the OWASP #threat-modeling Slack channel.
- We come to an agreement: we discuss things mainly in Google Docs and on Slack. If the project leaders feel a consensus has been reached, we will publish the content to our main website. All published content can be changed by submitting change requests on the GitHub repository that serves the website.