
Integration between Cornucopia and Threat Dragon

Open jgadsden opened this issue 2 months ago • 3 comments

Describe what problem your feature request solves: Provide Cornucopia and EoP focused threat modeling within OWASP Threat Dragon for easier and more comfortable use of threat elicitation, while playing the game, and a better gaming experience.

Describe the solution you'd like: An API hosted at cornucopia.owasp.org will provide the card codes to build the template for the EoP diagram based on the existing STRIDE diagram type.

Additional context: Possible solution: Card codes will be fetched during the OWASP Threat Dragon build process through an API hosted at cornucopia.owasp.org to build the template for the EoP diagram based on the existing STRIDE diagram type. The new diagram will be identical except that the threat model will contain support for selecting a specific EoP game and the card played.


Suggested tasks:

jgadsden avatar Nov 02 '25 22:11 jgadsden

Adding the Threat Dragon model json: Integration between OWASP Cornucopia and OWASP Threat Dragon.json

sydseter avatar Nov 07 '25 14:11 sydseter

Thanks for the .json, @sydseter. There are many possible implementations; one possibility is that a new diagram type could be defined (for example 'Cornucopia') and, instead of the STRIDE categories, it could have the Cornucopia categories drop-down list in the Threat dialog:

  • Data validation & encoding
  • Authentication
  • Session management
  • Authorization
  • Cryptography
  • Cornucopia
  • Wild card

Then, depending on the category chosen, a further drop-down could select cards within that category, ideally including a thumbnail of any card selected. I agree that I may be asking for the moon :)

jgadsden avatar Nov 09 '25 10:11 jgadsden

The API has the categories added to the section field:

  • webapp: https://cornucopia.owasp.org/api/cre/webapp/en (supported languages: "en", "es", "fr", "nl", "no-nb", "pt-br", "pt-pt", "it", "ru", "hu")
  • mobileapp: https://cornucopia.owasp.org/api/cre/mobileapp/en (supported languages: "en")

How the cards look: https://cornucopia.owasp.org/cards

sydseter avatar Nov 12 '25 15:11 sydseter