Visualizing and Managing Threats Early in Development
Incorporating threat modeling into the software development lifecycle is one of the most effective ways to build secure applications from the ground up. OWASP Threat Dragon is a powerful, free, and open-source tool that empowers development and security teams to identify potential threats early—before they become costly vulnerabilities.
In this introductory session, we’ll explore how Threat Dragon fits into a modern DevSecOps workflow and how it can be used to create clear, actionable threat models through intuitive data flow diagrams. We'll walk through a live demo of creating a threat model, show how Threat Dragon suggests mitigations, and discuss how teams can integrate it into existing Agile or DevOps processes. Whether you're new to threat modeling or looking for a streamlined, accessible tool to enhance your security posture, this talk will provide a solid foundation to get started with OWASP Threat Dragon.