Threat Model
Run a quick STRIDE-style threat model with risk levels for your web app.
Describe Your Application
Answer a few questions to generate a threat model (2–3 minutes)
Features
- Guided STRIDE threat modeling questionnaire
- Auto-generated threat list based on your application characteristics
- Risk prioritization matrix: likelihood × impact
- Mitigation recommendations for each identified threat
- Export threat model as structured JSON or PDF report
- Application type presets: Web App, API, Mobile, SPA
Common Use Cases
- Conduct a lightweight threat model for a new feature or service
- Identify security risks early in the design phase (before coding)
- Create a threat model document for a compliance audit (SOC 2, ISO 27001)
- Onboard developers to security thinking via guided questions
- Review security architecture before a product launch
Threat Modeling with STRIDE
Threat modeling is a structured approach to identifying and mitigating security risks during the design phase — when they are cheapest to address. The most common methodology is STRIDE, developed by Microsoft:
- Spoofing — Can an attacker impersonate a user, service, or component?
- Tampering — Can an attacker modify data in transit or at rest?
- Repudiation — Can a user deny performing an action (is there an audit trail)?
- Information Disclosure — Can an attacker access data they shouldn't?
- Denial of Service — Can an attacker disrupt service availability?
- Elevation of Privilege — Can an attacker gain higher permissions than intended?
Examples
Using a stolen JWT token → Mitigate: short expiry + revocation listModifying API request payload → Mitigate: input validation + HMAC signaturesRate limiting on auth endpoints → Mitigates: brute force, DoSFrequently Asked Questions
The best time is during the design phase, before writing a line of code. Changes to address design flaws are much cheaper than fixing them in production. However, threat modeling is valuable at any phase — doing it on an existing system is better than not doing it at all. Schedule a threat model for every new major feature, system integration, or architecture change.
STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) is a methodology for categorizing threats. For each component in your system, consider which STRIDE threats apply. This structured approach ensures you don't miss categories of threat that are less obvious.
It depends on the risk level of the system. For critical financial or healthcare systems, work with security engineers on a detailed data flow diagram (DFD) and thorough STRIDE analysis. For most features, a lightweight model (30–60 minutes with the team) using this tool is sufficient and far better than nothing.
The attack surface is the sum of all points where an attacker could try to enter or extract data from your system: API endpoints, web forms, file uploads, authentication interfaces, third-party integrations, and administrative interfaces. Minimizing attack surface (turning off unused features, restricting access) is a foundational security principle.
💡 Tips
- Run a threat modeling session with your team for every new major feature — even 30 minutes of structured thinking uncovers surprising risks.
- Focus first on threats that are both high likelihood AND high impact — address those before lower-risk items.
- Document your threat model and mitigations alongside your code (in a SECURITY.md or architecture doc) so the reasoning is preserved for future maintainers.
- Revisit your threat model after significant architecture changes — systems evolve and new threats emerge.