Threat Modeling Wizard
Build comprehensive threat models using STRIDE decomposition and DREAD scoring methodology. Walk through application profiling, threat identification, risk scoring, and mitigation planning with auto-generated threat lists and prioritized recommendations.
Want to learn more?
Build threat models using STRIDE and DREAD methodologies for proactive security architecture.
Read the guideStarting Threat Modeling?
Our security architects conduct threat modeling workshops and embed security into your SDLC.
What Is Threat Modeling
Threat modeling is a structured approach to identifying, quantifying, and addressing security threats to a system. Rather than waiting for vulnerabilities to be discovered through penetration testing or real attacks, threat modeling proactively analyzes system architecture to find potential weaknesses before code is written or infrastructure is deployed.
Threat modeling answers four fundamental questions: What are we building? What can go wrong? What are we going to do about it? Did we do a good job? This systematic process is recommended by OWASP, NIST, and Microsoft as an essential component of secure software development lifecycle (SSDLC) practices.
Threat Modeling Frameworks
| Framework | Approach | Best For | Key Output |
|---|---|---|---|
| STRIDE | Categorize threats by type | Software applications | Threat list organized by S/T/R/I/D/E categories |
| PASTA | Risk-centric, 7-stage process | Business-aligned security | Risk-ranked threat library with attack trees |
| LINDDUN | Privacy-focused threat categories | Privacy-sensitive systems | Privacy threat catalog |
| VAST | Visual, agile, scalable | Enterprise and agile teams | Application and operational threat models |
| Attack Trees | Hierarchical decomposition of attacks | Specific attack scenarios | Tree diagrams showing attack paths and prerequisites |
| OCTAVE | Organizational risk assessment | Enterprise risk management | Risk profiles and protection strategies |
STRIDE Categories
| Category | Threat Type | Example | Countermeasure |
|---|---|---|---|
| Spoofing | Pretending to be someone else | Forged authentication tokens | Strong authentication, MFA |
| Tampering | Modifying data without authorization | SQL injection, man-in-the-middle | Input validation, integrity checks |
| Repudiation | Denying an action was performed | Deleting audit logs | Secure logging, digital signatures |
| Information Disclosure | Exposing data to unauthorized parties | Unencrypted data in transit | Encryption, access controls |
| Denial of Service | Making a system unavailable | DDoS attacks, resource exhaustion | Rate limiting, redundancy |
| Elevation of Privilege | Gaining unauthorized access levels | Exploiting vulnerabilities for admin access | Least privilege, input validation |
Common Use Cases
- New application design: Identify threats during the architecture phase when they are cheapest to address
- Cloud migration: Model threats introduced by moving workloads to cloud environments (shared responsibility, new attack surface)
- Compliance requirements: NIST CSF, PCI DSS, and CMMC all recommend or require threat modeling as part of risk assessment
- DevSecOps integration: Embed lightweight threat modeling into sprint planning and design reviews
- Third-party risk: Model threats introduced by integrating third-party services, APIs, and components into your architecture
Best Practices
- Model early in the development lifecycle — Threat modeling during design is 10-100x cheaper than fixing security issues found in production. Make it part of your architecture review process.
- Use data flow diagrams (DFDs) — Visualize your system as processes, data stores, data flows, and trust boundaries. Apply STRIDE to each element crossing a trust boundary.
- Involve diverse perspectives — Include developers, architects, operations, and security in threat modeling sessions. Each role identifies different threats based on their expertise.
- Prioritize by risk, not by count — Not all threats need immediate mitigation. Use risk scoring (likelihood x impact) to prioritize remediation of the most dangerous threats first.
- Iterate continuously — Threat models are living documents. Update them when architecture changes, new features are added, or new attack techniques emerge.
Frequently Asked Questions
Common questions about the Threat Modeling Wizard
STRIDE is a threat classification framework developed by Microsoft. Each letter represents a threat category: Spoofing (identity), Tampering (data integrity), Repudiation (deniability), Information Disclosure (confidentiality), Denial of Service (availability), and Elevation of Privilege (authorization). It helps systematically identify threats to a system.
DREAD scores each threat on five criteria from 1-10: Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability. The overall DREAD score is the average of all five values (sum divided by 5). Higher scores indicate more critical threats that should be prioritized for mitigation.
Threat modeling should be performed during the design phase of any system or application, before significant code is written. It should be revisited when the architecture changes, new features are added, or new threat intelligence emerges. Regular reviews (at least annually) help catch evolving threats.
STRIDE focuses on threat categories and is best for application-level analysis. PASTA (Process for Attack Simulation and Threat Analysis) is risk-centric with 7 stages. VAST (Visual, Agile, and Simple Threat) scales for enterprise use. Attack trees map specific attack paths. This tool uses STRIDE for identification and DREAD for prioritization.
Use DREAD scores to rank threats numerically. Focus first on threats with high Damage and Exploitability scores, as these represent the greatest risk. Consider your risk appetite and budget when deciding which threats to accept, mitigate, transfer, or avoid. The tool generates a prioritized mitigation plan based on scores.
Explore More Tools
Continue with these related tools
ℹ️ Disclaimer
This tool is provided for informational and educational purposes only. All processing happens entirely in your browser - no data is sent to or stored on our servers. While we strive for accuracy, we make no warranties about the completeness or reliability of results. Use at your own discretion.