This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Jump to: navigation, search
OWASP Project Header.jpg

Project About

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: PyTM
Purpose: A Pythonic framework for threat-modeling-from-code
License: MIT License
who is working on this project?
Project Leader(s):
  • Izar Tarandach
  • Matthew J. Coles
Project Contributor(s):
  • Rohit Shambhuni
  • Nick Ozmore
  • Pooja Ahvad
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: AppSecCali 2019 - Threat Model Every Story: Practical Continuous Threat Modeling Work for Your Team - View
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
  • Contact Izar Tarandach to contribute to this project
  • Contact Izar Tarandach to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases


PyTM is an effort to enable developers to create and maintain threat models in a way that is natural for them, using a familiar OO syntax (Python, but should be generic enough to enable any developer with minimal OO experience to use it) to describe a system in terms of its elements and their attributes, in a way that can be easily shared, version-controlled and collaborated on.

That description is a self-enclosed Python script that when run generates diagrams (DFDs and sequence), threats (based on a library of rules) and reports (joining diagrams and threats).


This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.


This program is free software: you can redistribute it and/or modify it under the terms of the MIT License as published by the Massachusetts Institute of Technology. OWASP PyTM and any contributions are Copyright © by the Project Leader(s).


As of November, 2013, the highest priorities for the next 6 months are:

  • Complete the first draft of the Tool Project Template
  • Get other people to review the Tool Project Template and provide feedback
  • Incorporate feedback into changes in the Tool Project Template
  • Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project

Subsequent Releases will add

  • Internationalization Support
  • Additional Unit Tests
  • Automated Regression tests

Getting Involved

Involvement in the development and promotion of Tool Project Template is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

Project Resources

This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.

Installation Package

Source Code

What's New (Revision History)


Wiki Home Page

Issue Tracker

Slide Presentation


Project Leader

Izar Tarandach

Matthew J. Coles

Related Projects


Project Type Files TOOL.jpg
Incubator Project
MIT License