Scaling threat modeling?
More documentation won't help you.
More documentation leads to checkbox compliance, missed opportunities, and analysis paralysis.
Values:
- A culture of finding and fixing design issues over checkbox compliance
- People and collaboration over processes, methodologies, and tools
- A journey of understanding over a security or privacy snapshot
- Doing threat modeling over talking about it
- Continuous refinement over a single delivery

- Agile Threat Modeling Manifesto (1/4)

OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams in identifying security requirements in Agile development processes. It is language, platform, and technology-agnostic.

So play OWASP Cornucopia!

The new Companion Edition v1.0 comes with 6 companion suits covering new topics: Agentic AI (AAI), Automated Threats (BOT), Cloud (CLD), Frontend (FRE), Large Language Models (LLM), and DevOps (DVO).

see: https://dev.to/owasp/introducing-a-owasp-game-for-threat-modeling-agentic-ai-cloud-devops-frontend-llm-automation-5984

(2/4)

A suit in the Companion deck may replace (or be used in addition to) existing suits.
For example, say you are building an LLM application and want to perform threat modeling and security requirement analysis specifically for LLM.

You would then use the OWASP Cornucopia Website Edition and the LLM companion suit as your elected OWASP Cornucopia focus area.

This is immediately available at copi.owasp.org

You can also download the design files from the latest release. https://github.com/OWASP/cornucopia/releases/tag/v3.0.0
