SeaSponge is an accessible web-based threat modeling tool developed for Mozilla Winter of Security 2014. This web-based application is being developed with three characteristics in mind: Accessibility: We want everyone to be able to map out their infrastructures and generate security reports on any operating-system and on any browser. Aesthetics: We're tired of clunky, boring interfaces - we want to bring the pizazz into threat-modeling. Intuitive User-Experience: We hate manuals, and we want you to be able to use this software without one. Please see http://mozilla.github.io/seasponge/ for a live demo of the application. There is also a video on Air Mozilla available at https://air.mozilla.org/mozilla-winter-of-security-seasponge-a-tool-for-easy-threat-modeling/ Example Threat Model developed with SeaSponge Here is a share link for the SeaSponge threat model we developed in our Air Mozilla demo video: http://goo.gl/Q8mt0T Usage See our Usage page in our Wiki for more details. Authors Mathew Kallada Glavin Wiechert Joel Kuntz Sarah MacDonald With Mozilla Advisor Curtis Koenig and Professor Dr. Pawan Lingras Contributing Please see our Contributing Guidelines
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
Scan files or process memory for Cobalt Strike beacons and parse their configuration.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
Open-source initiative providing malicious and benign datasets to expedite data analysis and threat research.
A library of Amazon S3 attack scenarios with mitigation strategies.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.