[Owasp-leaders] Mozilla Seasponge - a free online threat modelling tool

Jim Manico jim.manico at owasp.org
Sun May 17 09:57:17 UTC 2015


Mike,

Thank you! Here is the guide for starting a new OWASP project.

https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project

While you are going over this if you have any questions or any suggestions to make this guide more useful let us know!

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

> On May 17, 2015, at 11:47 AM, Mike Goodwin <mike.goodwin at owasp.org> wrote:
> 
> Hello all,
> 
> As it happens, I've been working on a very similar concept to SeaSponge - an online threat modelling tool that works with client side storage. My project originally started as a way for me to learn a bit about javascript, but I was pleased enough with how it worked out to want to take it further. It has some things in common with SeaSponge from a technical point of view (angularjs, uses local storage for client side persistence), but there are some differences also (diagramming library, UX, some architecture differences). The next big functional step I have planned for the project is to do a proper threat generation rule engine.
> 
> I'd like to turn this into an OWASP project - how does this work? Does it need some approval? Do I need to write something? Etc?
> 
> You can have a look at a working version of the tool as it stands here:
> 
> http://babydragon.azurewebsites.net/#/
> 
> The source code is currently in a private repo on BitBucket. This is not because it is intended to be kept private - I want it to be open source and will make it public if it becomes an OWASP project. It's just private now because I was a bit embarrassed by the code - remember, it started as an exercise in learning javascript for me ;o) All the third party js libraries it uses are open source too.
> 
> Best regards,
> 
> Mike Goodwin
> UK-Newcastle chapter leader
> 
> 
> 
> 
>> On 2 April 2015 at 08:20, psiinon <psiinon at gmail.com> wrote:
>> SeaSponge threat model for the Tor Relay (https://blog.mozilla.org/it/2015/01/28/deploying-tor-relays/) attached :)
>> 
>> Cheers,
>> 
>> Simon
>> 
>>> On Wed, Apr 1, 2015 at 4:03 PM, psiinon <psiinon at gmail.com> wrote:
>>> I know we have at least one real model that was created here at Mozilla.
>>> We should be able to make it publicly available but I'm just double checking ;)
>>> 
>>>> On Tue, Mar 31, 2015 at 11:13 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>>> Thx for sharing (definitely interesting to an owasp crowd)
>>>> 
>>>> Do you know where we can find examples of complex (ie real world) models build with this tool?
>>>> 
>>>> I see where to load a model and create a new ones, but couldn't (easily) find existing models
>>>> 
>>>>> On 31 Mar 2015 10:18, "psiinon" <psiinon at gmail.com> wrote:
>>>>> Some students have developed a free online threat modelling tool as part of the Mozilla Winter of Security:
>>>>> 
>>>>> https://air.mozilla.org/mozilla-winter-of-security-seasponge-a-tool-for-easy-threat-modeling/
>>>>> 
>>>>> You can try it out here: http://mozilla.github.io/seasponge/#/
>>>>> 
>>>>> And the source code is here: https://github.com/mozilla/seasponge
>>>>> 
>>>>> They would be very grateful for feedback / pull requests :)
>>>>> 
>>>>> Hope you dont mind me plugging a non OWASP project on this list, but hopefully some of you will be interested in it...
>>>>> 
>>>>> Cheers,
>>>>> 
>>>>> Simon
>>>>> 
>>>>> -- 
>>>>> OWASP ZAP Project leader
>>>>> 
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> 
>>> 
>>> -- 
>>> OWASP ZAP Project leader
>> 
>> 
>> 
>> -- 
>> OWASP ZAP Project leader
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150517/b7a63351/attachment.html>


More information about the OWASP-Leaders mailing list