List of Threat Modeling Tools

Threat modeling tools are used to perform systematic analysis of attack vectors by helping you analyze some of the following questions:

• Which are high-value assets?
• What does attacker profile may look like?
• Which are most vulnerable areas in the application which can be attacked by the hackers?
• What are most relevant threats to the application?
• Are there one or more attack vectors which can go unnoticed?

Following is the list of top 5 threat modeling tools you may keep handy for threat modeling:

• • Microsoft Free SDL Threat Modeling Tool: Tool from Microsoft that makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models. Following diagram displays the SDL threat modeling process. Greater details can be found on this page, Getting Started with Threat Modeling Tool

    Figure 1. Threat Modeling process

    Following are some of the capabilities of this tool:

    • • Automation
      • Guided analysis of threats and mitigation
      • Reporting

• • SecuriCad by Forseeti (Commercial tool): As per the page, securiCAD is a threat modelling and risk management tool that enables you, the user, to get a holistic understanding of your IT infrastructure, incorporating risks from both structural and technical vulnerabilities. Here is a two minute demo on the tool:
  • ThreatModeler: A tool for enterprise threat modeling. Here is a ThreatModeler YouTube channel comprising of multiple videos on ThreatModeler. Here is a sample video:
  • Irius Risk by Continuum Security: As per the webpage, this tool helps create a threat model and derive security requirements in no time using a straightforward questionnaire based system. Following is a sample video:
  • SD Elements by Security Compass: A threat management platform