Question 1

What is threat modelling?

Accepted Answer

Threat modelling is a structured process for identifying, prioritising, and mitigating security threats to a system. It involves mapping out your architecture, identifying potential attack vectors, and determining appropriate security controls. ThreatModelling.io automates this process by letting you visually build your system diagram and instantly generating relevant threats.

Question 2

What is STRIDE methodology?

Accepted Answer

STRIDE is a threat categorisation framework developed by Microsoft. It stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. ThreatModelling.io maps every identified threat to a STRIDE category so you can understand the nature of each risk.

Question 3

Is ThreatModelling.io free to use?

Accepted Answer

Yes, ThreatModelling.io is completely free. No signup or account is required. All data stays in your browser — nothing is sent to any server.

Question 4

Does ThreatModelling.io support AWS, Azure, and Google Cloud?

Accepted Answer

Yes. ThreatModelling.io includes a comprehensive library of services from AWS, Microsoft Azure, Google Cloud Platform (GCP), and self-hosted infrastructure. Each service has pre-mapped threats specific to that technology.

Question 5

What is MITRE ATT&CK and how is it used in threat modelling?

Accepted Answer

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. ThreatModelling.io maps each identified threat to specific MITRE ATT&CK technique IDs, giving security teams a common language and actionable intelligence for detection and response.

Question 6

Can I export my threat model?

Accepted Answer

Yes. ThreatModelling.io supports exporting your threat model as a JSON file (for reimporting later), a PDF report, and a Markdown document suitable for including in project documentation or wikis.