Threat modeling is a crucial but often neglected part of developing, implementing and operating any system. If you have no mental model of a system or its strengths and weaknesses it is extremely difficult to secure it correctly.<\/p>\n
In an effort to help make threat modeling easier a Mozilla Winter of Security (MWOS) team<\/a> has developed Seasponge, a browser-based graphical threat modeling tool. Written specifically for the browser environment, the tool requires no special addons or plugins and allows one to quickly and easily diagram a system and its data flows and begin the important work of focusing on threats.<\/p>\n A demo is worth a thousand meetings and the team of Joel Kuntz, Sarah MacDonald, Glavin Wiechert, Mathew Kallada and professor Dr. Pawan Lingras from Saint Mary\u2019s University<\/a> in Halifax, Nova Scotia has been generous enough to put together a video explaining the project along with a quick demo:<\/p>\n