Feature Suggestion: Automated Threat Mapping and Control Correlation

[z4l1nux]

Description:
I propose adding a feature to OWASP Threat Dragon that automatically maps threats and mitigations from STRIDE to CAPEC and CWE, and allows for the search of attacks and controls within the tool's interface. This enhancement would streamline the threat modeling process and provide users with direct access to detailed information about threats and mitigations.

Key Features:
Automated Threat Mapping:

• After drawing a DFD and identifying threats using STRIDE, the tool will automatically assign related threats and mitigations from CAPEC and CWE.

Search Functionality:

• Users will have the ability to search for specific attacks and controls in CAPEC and CWE directly from the Threat Dragon interface.

Correlation with ASVS:

• Map DFD STRIDE threats to CAPEC -> CWE -> ASVS controls, providing a comprehensive view of mitigations and compliance.

Report Generation:

• Generate detailed reports that include DFD, identified threats, suggested mitigations, and correlations with ASVS controls.

Benefits:

• Streamlines the threat modeling process.

• Provides easy access to comprehensive threat and mitigation data.

• Enhances the value of Threat Dragon by integrating with established security standards (CAPEC, CWE, ASVS).

[jgadsden]

certainly it sounds attractive, although it may be a lot of work initially