Files
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

2.0 KiB

API Reference: Threat Modeling with OWASP Threat Dragon

Threat Dragon JSON Model Structure

Field Description
version Threat Dragon version (e.g., "2.2.0")
summary.title Threat model name
summary.owner Model owner
detail.diagrams[] Array of DFD diagrams
detail.diagrams[].cells[] DFD elements within a diagram
detail.diagrams[].diagramType Methodology (STRIDE, LINDDUN, CIA)

DFD Element Types

Type Threat Dragon Class STRIDE Categories
Process tm.Process S, T, R, I, D, E
Data Store tm.Store T, I, D
Data Flow tm.Flow T, I, D
External Entity tm.Actor S, R
Trust Boundary tm.Boundary N/A

STRIDE Categories

Letter Threat Mitigation
S Spoofing Strong authentication, MFA
T Tampering Integrity checks, HMAC
R Repudiation Audit logging
I Information Disclosure Encryption, least privilege
D Denial of Service Rate limiting, auto-scaling
E Elevation of Privilege RBAC, authorization checks

Threat Status Values

Status Description
Open Threat needs mitigation
Mitigated Controls address the threat
Not Applicable Threat does not apply

Docker Deployment

docker run -p 3000:3000 \
  -e ENCRYPTION_JWT_SIGNING_KEY=$(openssl rand -hex 32) \
  -e ENCRYPTION_JWT_REFRESH_SIGNING_KEY=$(openssl rand -hex 32) \
  owasp/threat-dragon:latest

Python Libraries

Library Version Purpose
json stdlib Threat Dragon model serialization
uuid stdlib Generate unique element IDs

References