List of Threat Modeling Tools

Threat Modeling Flow




Threat modeling tools are used to perform systematic analysis of attack vectors by helping you analyze some of the following questions:

  • Which are high-value assets?
  • What does attacker profile may look like?
  • Which are most vulnerable areas in the application which can be attacked by the hackers?
  • What are most relevant threats to the application?
  • Are there one or more attack vectors which can go unnoticed?

Following is the list of top 5 threat modeling tools you may keep handy for threat modeling:

    • Microsoft Free SDL Threat Modeling Tool: Tool from Microsoft that makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models. Following diagram displays the SDL threat modeling process. Greater details can be found on this page, Getting Started with Threat Modeling Tool
      Threat Modeling process

      Figure 1. Threat Modeling process

      Following are some of the capabilities of this tool:

        • Automation
        • Guided analysis of threats and mitigation
        • Reporting
    • SecuriCad by Forseeti (Commercial tool): As per the page, securiCAD is a threat modelling and risk management tool that enables you, the user, to get a holistic understanding of your IT infrastructure, incorporating risks from both structural and technical vulnerabilities. Here is a two minute demo on the tool:
    • ThreatModeler: A tool for enterprise threat modeling. Here is a ThreatModeler YouTube channel comprising of multiple videos on ThreatModeler. Here is a sample video:
    • Irius Risk by Continuum Security: As per the webpage, this tool helps create a threat model and derive security requirements in no time using a straightforward questionnaire based system. Following is a sample video:
    • SD Elements by Security Compass: A threat management platform
Ajitesh Kumar
Follow me
Latest posts by Ajitesh Kumar (see all)

Ajitesh Kumar

I have been recently working in the area of Data analytics including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia, etc, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. For latest updates and blogs, follow us on Twitter. I would love to connect with you on Linkedin. Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking
Posted in Application Security. Tagged with .

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload the CAPTCHA.