[Owasp-leaders] Mozilla Seasponge - a free online threat modelling tool

Mike Goodwin mike.goodwin at owasp.org
Sun May 17 09:47:48 UTC 2015

Hello all,

As it happens, I've been working on a very similar concept to SeaSponge -
an online threat modelling tool that works with client side storage. My
project originally started as a way for me to learn a bit about javascript,
but I was pleased enough with how it worked out to want to take it further.
It has some things in common with SeaSponge from a technical point of view
(angularjs, uses local storage for client side persistence), but there are
some differences also (diagramming library, UX, some architecture
differences). The next big functional step I have planned for the project
is to do a proper threat generation rule engine.

I'd like to turn this into an OWASP project - how does this work? Does it
need some approval? Do I need to write something? Etc?

You can have a look at a working version of the tool as it stands here:


The source code is currently in a private repo on BitBucket. This is not
because it is intended to be kept private - I want it to be open source and
will make it public if it becomes an OWASP project. It's just private now
because I was a bit embarrassed by the code - remember, it started as an
exercise in learning javascript for me ;o) All the third party js libraries
it uses are open source too.

Best regards,

Mike Goodwin
UK-Newcastle chapter leader

On 2 April 2015 at 08:20, psiinon <psiinon at gmail.com> wrote:

> SeaSponge threat model for the Tor Relay (
> https://blog.mozilla.org/it/2015/01/28/deploying-tor-relays/) attached :)
> Cheers,
> Simon
> On Wed, Apr 1, 2015 at 4:03 PM, psiinon <psiinon at gmail.com> wrote:
>> I know we have at least one real model that was created here at Mozilla.
>> We should be able to make it publicly available but I'm just double
>> checking ;)
>> On Tue, Mar 31, 2015 at 11:13 AM, Dinis Cruz <dinis.cruz at owasp.org>
>> wrote:
>>> Thx for sharing (definitely interesting to an owasp crowd)
>>> Do you know where we can find examples of complex (ie real world) models
>>> build with this tool?
>>> I see where to load a model and create a new ones, but couldn't (easily)
>>> find existing models
>>> On 31 Mar 2015 10:18, "psiinon" <psiinon at gmail.com> wrote:
>>>> Some students have developed a free online threat modelling tool as
>>>> part of the Mozilla Winter of Security:
>>>> https://air.mozilla.org/mozilla-winter-of-security-seasponge-a-tool-for-easy-threat-modeling/
>>>> You can try it out here: http://mozilla.github.io/seasponge/#/
>>>> And the source code is here: https://github.com/mozilla/seasponge
>>>> They would be very grateful for feedback / pull requests :)
>>>> Hope you dont mind me plugging a non OWASP project on this list, but
>>>> hopefully some of you will be interested in it...
>>>> Cheers,
>>>> Simon
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150517/a6f790e5/attachment-0001.html>

More information about the OWASP-Leaders mailing list