[Owasp-leaders] Mozilla Seasponge - a free online threat modelling tool

Mike Goodwin mike.goodwin at owasp.org
Sun May 17 15:33:21 UTC 2015


Thank you Jim. I've put a post on the new project ideas board
<https://groups.google.com/a/owasp.org/forum/?hl=en#!topic/owasp-project-ideas/4OAzml9wOvE>.
Any feedback is very welcome!

Mike

On 17 May 2015 at 10:57, Jim Manico <jim.manico at owasp.org> wrote:

> Mike,
>
> Thank you! Here is the guide for starting a new OWASP project.
>
>
> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project
>
> While you are going over this if you have any questions or any suggestions
> to make this guide more useful let us know!
>
> Aloha,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On May 17, 2015, at 11:47 AM, Mike Goodwin <mike.goodwin at owasp.org> wrote:
>
> Hello all,
>
> As it happens, I've been working on a very similar concept to SeaSponge -
> an online threat modelling tool that works with client side storage. My
> project originally started as a way for me to learn a bit about javascript,
> but I was pleased enough with how it worked out to want to take it further.
> It has some things in common with SeaSponge from a technical point of view
> (angularjs, uses local storage for client side persistence), but there are
> some differences also (diagramming library, UX, some architecture
> differences). The next big functional step I have planned for the project
> is to do a proper threat generation rule engine.
>
> I'd like to turn this into an OWASP project - how does this work? Does it
> need some approval? Do I need to write something? Etc?
>
> You can have a look at a working version of the tool as it stands here:
>
> http://babydragon.azurewebsites.net/#/
>
> The source code is currently in a private repo on BitBucket. This is not
> because it is intended to be kept private - I want it to be open source and
> will make it public if it becomes an OWASP project. It's just private now
> because I was a bit embarrassed by the code - remember, it started as an
> exercise in learning javascript for me ;o) All the third party js libraries
> it uses are open source too.
>
> Best regards,
>
> Mike Goodwin
> UK-Newcastle chapter leader
>
>
>
>
> On 2 April 2015 at 08:20, psiinon <psiinon at gmail.com> wrote:
>
>> SeaSponge threat model for the Tor Relay (
>> https://blog.mozilla.org/it/2015/01/28/deploying-tor-relays/) attached :)
>>
>> Cheers,
>>
>> Simon
>>
>> On Wed, Apr 1, 2015 at 4:03 PM, psiinon <psiinon at gmail.com> wrote:
>>
>>> I know we have at least one real model that was created here at Mozilla.
>>> We should be able to make it publicly available but I'm just double
>>> checking ;)
>>>
>>> On Tue, Mar 31, 2015 at 11:13 AM, Dinis Cruz <dinis.cruz at owasp.org>
>>> wrote:
>>>
>>>> Thx for sharing (definitely interesting to an owasp crowd)
>>>>
>>>> Do you know where we can find examples of complex (ie real world)
>>>> models build with this tool?
>>>>
>>>> I see where to load a model and create a new ones, but couldn't
>>>> (easily) find existing models
>>>> On 31 Mar 2015 10:18, "psiinon" <psiinon at gmail.com> wrote:
>>>>
>>>>> Some students have developed a free online threat modelling tool as
>>>>> part of the Mozilla Winter of Security:
>>>>>
>>>>>
>>>>> https://air.mozilla.org/mozilla-winter-of-security-seasponge-a-tool-for-easy-threat-modeling/
>>>>>
>>>>> You can try it out here: http://mozilla.github.io/seasponge/#/
>>>>>
>>>>> And the source code is here: https://github.com/mozilla/seasponge
>>>>>
>>>>> They would be very grateful for feedback / pull requests :)
>>>>>
>>>>> Hope you dont mind me plugging a non OWASP project on this list, but
>>>>> hopefully some of you will be interested in it...
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150517/69064a46/attachment.html>


More information about the OWASP-Leaders mailing list