|OWASP Threat Dragon Project|
Project: Leader: Mike Goodwin Github Link
- Is cross-platform
- Is easy and enjoyable to use
- Integrates well with other SDLC tools
- Has a powerful threat generation rule engine
- The original working prototype has been given a major architecture review. This was my first node.js project and my first significant Angular application so there were quite a few kinks to be straightened out. Also, I completely rethought the model storage approach - originally it was using browser local storage like Mozilla SeaSponge, but this turned out to be problematic in practice.
- A web application variant that uses GitHub as a backend for storing model files. I have plans to add support for BitBucket and possibly other backends soon. This source control system integration is key to the success of the project IMO and I have lots of plans for deeper and better integration in the future.
- An installable, cross-platform desktop variant based on Electron and using the local file systems for model storage. This is important for people who use a source control system that is not supported by the web app variant, or for people who want to evaluate the tool without giving it access to their repos. The desktop variant shares >85% of it's code with the web app variant - including most of it's UI. This is critical to make it manageable by a small team (just me at the moment!). The desktop app is still a little rough around the edges compared to the web app (e.g. no auto-update on OSX yet) but it is getting there and most of my effort on the project is going into that at the moment.
- Good unit test coverage (>90%). Quality is not just for Flagship projects - Incubator projects need it too!