OWASP Threat Modeling Playbook (OTMP)

Current location

We published the Threat Modeling Playbook in markdown in an OWASP GitHub repository.


We aim to improve product and software security with our new OWASP threat modeling playbook. We consider threat modeling as a foundational activity to improve your software assurance. We are convinced that a good threat modeling practice will measurably decrease security issues of delivered products.

We hope you will use this playbook to improve your threat modeling practice. We also encourage you to provide feedback to our OWASP threat modeling community in order to make this playbook even better in our next release.

I thank our collaborators (in alphabetic order): Jonas Muylaert, Joris Van den Broeck, Sebastien Deleersnyder, Steven Wierckx and Thomas Heyman to help us create this first release. I also thank Toreon for its decision to donate this work to the threat modeling community.

Sebastien Deleersnyder

OWASP volunteer

10 September 2020

Threat modeling community

We can be found on the following OWASP Threat Modeling Slack channel.
If you want to join our Slack channel but the direct link doesn’t work, you need an invitation. Get it here.

Input and project roadmap

We are currently gathering feedback and input from the community for our next 1.1 release.
Feel free to suggest fixes, feedback or input through our GitHub issues tracker.

Project roadmap

We plan the following updates to our playbook (version 1.1) by end of 2023:

  • include a list of threat modeling methodologies
  • include a list of threat modeling tools
  • add references to other OWASP threat modeling projects and resources


Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.

Project sponsors

OWASP Threat Modeling Playbook thanks its structural project supporters


If you want to support our project, please contact Seba Deleersnyder.