Interactive Threat Model Canvas

A structured, interactive threat modeling tool combining STRIDE and DREAD frameworks. Define your system architecture, identify threats across six categories, score risks with two industry-standard methodologies, and track mitigations to closure.

Keyboard Shortcuts

T = New Threat | M = New Mitigation | E = Export Report | R = Reset Canvas | 1-4 = Switch Panels



System Definition

Define the system under analysis. All fields use synthetic data only.

Trust Boundaries

No trust boundaries defined. Click "+ Add Boundary" to start.

Data Flows

No data flows defined. Click "+ Add Flow" to start.

Entry Points

No entry points defined. Click "+ Add Entry Point" to start.

STRIDE Threat Analysis

Identify threats for each STRIDE category. Click a category to filter, or view all.

No threats identified yet. Click "+ Add Threat" or press T to start.

Risk Matrix (Likelihood vs Impact)

Axes: Likelihood, Impact
Score bands: Low (1-4) | Medium (5-9) | High (10-16) | Critical (17-25)

DREAD Risk Scoring

Apply DREAD scoring as an alternative risk assessment for identified threats.

Add threats in the STRIDE panel first, then apply DREAD scoring here.

DREAD Score Distribution

No DREAD scores assigned yet.

Mitigation Tracker

Plan and track mitigations for each identified threat.

No mitigations planned yet. Click "+ Add Mitigation" or press M to start.

Mitigation Coverage

Not Started: 0 | In Progress: 0 | Implemented: 0 | Verified: 0

How to Use This Tool

Workflow

  1. Define your system (Panel 1) — name it, classify the data, describe the architecture, and map out trust boundaries, data flows, and entry points.
  2. Identify threats (Panel 2) — for each component or data flow, add threats categorized by STRIDE. Assign likelihood and impact scores.
  3. Score with DREAD (Panel 3) — optionally apply the DREAD framework for a second risk perspective on each threat.
  4. Plan mitigations (Panel 4) — link controls to threats, assign owners, and track implementation status.
  5. Export the report (E key or button) — generate a formatted text report for documentation and stakeholder review.

STRIDE Framework Reference

Category | Question | Example Threats
Spoofing | Can an attacker pretend to be someone/something else? | Credential theft, session hijacking, certificate spoofing
Tampering | Can data be modified without detection? | SQL injection, man-in-the-middle, log manipulation
Repudiation | Can actions be denied or hidden? | Missing audit logs, unsigned transactions, timestamp manipulation
Information Disclosure | Can sensitive data be exposed? | Data leaks, verbose errors, insecure storage, side-channel attacks
Denial of Service | Can the system be made unavailable? | Resource exhaustion, amplification attacks, single points of failure
Elevation of Privilege | Can access controls be bypassed? | IDOR, JWT manipulation, RBAC misconfiguration, kernel exploits

DREAD Scoring Guide

Dimension | 1-3 (Low) | 4-6 (Medium) | 7-10 (High)
Damage | Minor inconvenience | Significant data loss | Complete system compromise
Reproducibility | Rare, specific conditions | Reproducible with effort | Easily automated
Exploitability | Requires deep expertise | Moderate skill needed | Script kiddie level
Affected Users | Single user | Subset of users | All users
Discoverability | Requires insider knowledge | Findable with research | Publicly known
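
The two scoring paths from the workflow (likelihood and impact in Panel 2, DREAD in Panel 3), sketched as an added Python example that is not the tool's own code. It assumes likelihood and impact are each scored 1-5 and multiplied (implied by the 1-25 matrix bands), that the DREAD score is the mean of the five dimensions, and that means are banded below 4 Low, below 7 Medium, otherwise High; the sample threats are constructed.

```python
from dataclasses import dataclass

STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"}
DREAD_DIMS = ("damage", "reproducibility", "exploitability", "affected_users", "discoverability")

@dataclass
class Threat:
    title: str
    category: str     # one of STRIDE
    likelihood: int   # 1-5 (assumed scale)
    impact: int       # 1-5 (assumed scale)
    dread: dict       # DREAD dimension -> 1-10

def matrix_band(likelihood, impact):
    """Likelihood x impact, mapped to the matrix bands listed on the page."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be 1-5")
    score = likelihood * impact
    return score, next(name for hi, name in ((4, "Low"), (9, "Medium"),
                                             (16, "High"), (25, "Critical")) if score <= hi)

def dread_band(dread):
    """Mean of the five dimensions (assumed aggregation); <4 Low, <7 Medium, else High."""
    if set(dread) != set(DREAD_DIMS) or any(not 1 <= v <= 10 for v in dread.values()):
        raise ValueError("need all five DREAD dimensions, each scored 1-10")
    avg = sum(dread.values()) / len(dread)
    return avg, "Low" if avg < 4 else "Medium" if avg < 7 else "High"

def review(threats):
    """Score each threat both ways and flag the ones where the two methods disagree."""
    rows = []
    for t in threats:
        if t.category not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {t.category}")
        score, band = matrix_band(t.likelihood, t.impact)
        avg, dband = dread_band(t.dread)
        disagree = (band in ("High", "Critical")) != (dband == "High")
        rows.append((t.title, t.category, score, band, round(avg, 1), dband, disagree))
    return rows

# Constructed sample threats, not taken from the tool or its templates.
SAMPLE = [
    Threat("Session token replay on login API", "Spoofing", 4, 5, dict(zip(DREAD_DIMS, (8, 9, 7, 8, 6)))),
    Threat("Verbose stack traces in errors", "Information Disclosure", 4, 2, dict(zip(DREAD_DIMS, (3, 10, 9, 7, 9)))),
    Threat("Audit log editable by app admin", "Repudiation", 2, 4, dict(zip(DREAD_DIMS, (6, 4, 3, 5, 2)))),
]

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

The second sample threat is the case worth a second look during triage: a low impact score keeps it Medium on the matrix, while high reproducibility, exploitability and discoverability push its DREAD mean into High.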
