AppSec Village - Threagile: Agile Threat Modeling with Open-Source Tools from within Your IDE

Cite

DEF CON

Schneider, Christian

Formal Metadata

Title

AppSec Village - Threagile: Agile Threat Modeling with Open-Source Tools from within Your IDE

Title of Series

DEF CON Safe Mode

Number of Parts

374

Author

Schneider, Christian

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/51621 (DOI)

Publisher

DEF CON

Release Date

2020

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

The open-source tool Threagile enables agile teams to create a threat model directly from within the IDE using a declarative approach: Given information about the data assets, technical assets, communication links, and trust boundaries as input in a simple to maintain YAML file, it executes a set of over 40 built-in risk rules, which can be extended with custom risk rules, against the processed model. The resulting artifacts are graphical diagrams, Excel, and PDF reports about the identified risks, their rating, and the mitigation steps as well as risk tracking state. DevSecOps pipelines can be enriched with Threagile as well to process the JSON output.