Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies, and generate threat model reports for secure design review.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionperforming-threat-modeling-with-owasp-threat-dragonExecute the skills CLI command in your project's root directory to begin installation:
Fetches performing-threat-modeling-with-owasp-threat-dragon from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate performing-threat-modeling-with-owasp-threat-dragon. Access via /performing-threat-modeling-with-owasp-threat-dragon in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | performing-threat-modeling-with-owasp-threat-dragon |
| description | Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies, and generate threat model reports for secure design review. |
| domain | cybersecurity |
| subdomain | devsecops |
| tags | - threat-modeling - owasp - threat-dragon - stride - linddun - secure-design - dfd - data-flow |
| version | '1.0' |
| author | mahipal |
| license | Apache-2.0 |
| nist_ai_rmf | - MEASURE-2.7 - MAP-5.1 - MANAGE-2.4 |
| atlas_techniques | - AML.T0070 - AML.T0066 - AML.T0082 |
| nist_csf | - PR.PS-01 - GV.SC-07 - ID.IM-04 - PR.PS-04 |
OWASP Threat Dragon is an open-source threat modeling tool that enables security teams and developers to create threat model diagrams, identify threats using established methodologies (STRIDE, LINDDUN, CIA, DIE, PLOT4ai), and generate comprehensive reports. Threat Dragon runs as both a web application and desktop application (Windows, macOS, Linux), supporting distributed teams working collaboratively on threat models. Version 2.x provides drag-and-drop diagram creation, an auto-generation rule engine for threats and mitigations, and PDF report output for documentation and GRC compliance.
| Category | Threat Type | Description | Example |
|---|---|---|---|
| S | Spoofing | Impersonating a user or system | Stolen session tokens |
| T | Tampering | Modifying data in transit or at rest | SQL injection altering records |
| R | Repudiation | Denying an action occurred | Missing audit logs |
| I | Information Disclosure | Exposing sensitive data | API returning excessive fields |
| D | Denial of Service | Making a service unavailable | Resource exhaustion attack |
| E | Elevation of Privilege | Gaining unauthorized access | Broken access control |
| Category | Threat Type | Description |
|---|---|---|
| L | Linkability | Associating data items across contexts |
| I | Identifiability | Identifying an individual from data |
| N | Non-repudiation | Inability to deny an action (privacy risk) |
| D | Detectability | Determining if data about a subject exists |
| D | Disclosure | Exposing personal information |
| U | Unawareness | User unaware of data collection |
| N | Non-compliance | Violating privacy regulations |
Desktop Application: Download the installer from the OWASP Threat Dragon releases page for Windows (.exe), macOS (.dmg), or Linux (.AppImage/.deb/.rpm).
Web Application (Docker):
docker run -p 3000:3000 \
-e ENCRYPTION_JWT_SIGNING_KEY=$(openssl rand -hex 32) \
-e ENCRYPTION_JWT_REFRESH_SIGNING_KEY=$(openssl rand -hex 32) \
-e ENCRYPTION_KEYS='[{"isPrimary":true,"id":0,"value":"'$(openssl rand -hex 16)'"}]' \
-e NODE_ENV=production \
owasp/threat-dragon:latest
Before creating diagrams, document the scope:
In Threat Dragon, create a new threat model and add diagrams using the following DFD elements:
Processes: Applications, microservices, API endpoints that transform data. Represented as circles/rounded rectangles.
Data Stores: Databases, file systems, caches, message queues that persist data. Represented as parallel lines.
External Entities: Users, external systems, third-party services outside the trust boundary. Represented as rectangles.
Data Flows: Communication channels between elements showing data direction. Represented as arrows with labels describing the data.
Trust Boundaries: Dashed lines separating zones of different trust levels (internet/DMZ/internal network, user/admin).
For each DFD element, apply the STRIDE methodology:
| Element Type | Applicable STRIDE Categories |
|---|---|
| External Entity | Spoofing, Repudiation |
| Process | Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege |
| Data Store | Tampering, Information Disclosure, DoS |
| Data Flow | Tampering, Information Disclosure, DoS |
Threat Dragon's rule engine automatically suggests threats based on element types. Review each suggestion and mark as:
For each open threat, document:
Threat Dragon produces PDF reports containing:
Threat Dragon uses JSON format for threat models, enabling version control and programmatic manipulation:
{
"version": "2.2.0",
"summary": {
"title": "E-Commerce Application",
"owner": "Security Team",
"description": "Threat model for the checkout flow"
},
"detail": {
"contributors": [
{"name": "Security Architect"}
],
"diagrams": [
{
"id": 0,
"title": "Checkout Flow",
"diagramType": "STRIDE",
"cells": []
}
]
}
}
Threat Dragon participates in the CycloneDX Threat Model Bill of Materials (TMBOM) effort, enabling export to a common format that can be consumed by other threat modeling tools and GRC platforms, preventing vendor lock-in.
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
I recommend performing-threat-modeling-with-owasp-threat-dragon for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
performing-threat-modeling-with-owasp-threat-dragon is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Useful defaults in performing-threat-modeling-with-owasp-threat-dragon — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
Registry listing for performing-threat-modeling-with-owasp-threat-dragon matched our evaluation — installs cleanly and behaves as described in the markdown.
Solid pick for teams standardizing on skills: performing-threat-modeling-with-owasp-threat-dragon is focused, and the summary matches what you get after install.
We added performing-threat-modeling-with-owasp-threat-dragon from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
performing-threat-modeling-with-owasp-threat-dragon has been reliable in day-to-day use. Documentation quality is above average for community skills.
Keeps context tight: performing-threat-modeling-with-owasp-threat-dragon is the kind of skill you can hand to a new teammate without a long onboarding doc.
performing-threat-modeling-with-owasp-threat-dragon is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
I recommend performing-threat-modeling-with-owasp-threat-dragon for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
showing 1-10 of 34