Search the Community

A trio of university undergraduates have worked with Mozilla to create an online threat modelling tool designed to help system administrators better understand the threats they face. The open source SeaSponge tool, developed under Mozilla's Winter of Security initiative, sports a graphical flow its designers say could be a replacement for Microsoft's free Threat Modelling Tool. Saint Mary's University students Sarah MacDonald, Joel Kuntz, and Glavin Wiechert built the tool. "SeaSponge allows you to model a system so that potential threats and risks can be identified," MacDonald says."It supports multiple diagrams to model logical sections of your system in separate locations. "Each diagram contains data flows and hardware and logical components" The trio says they developed the HTML5 tool because threat modelling, while important, is often missed in the software development lifecycle. The tool is built in part on Angularjs; jsPlumb; Bootstrap; CoffeeScript; Grunt; Bower, and Compass, and works on all browsers and operating systems. Developers focused on making SeaSponge easy to use and aesthetically pleasing to bring the "pizzazz" back into threat modeling. MacDonald says SeaSponge is still infancy and called on interested developers to contribute to its code. The Winter of Code project announcement follows the development of the Masche forensics tool which the browser giant had considered integrating into its architecture. Admins can play with a live demo of SeaSponge or download it from GitHub. Source+Video