STRIDE · Threat Modeling · SOC 2 · ISO 27001
The threat model your auditor asked for. Without hiring a security engineer.
Describe your system in plain English. ThreatMapper produces a complete STRIDE threat model — ranked risks, concrete mitigations, SOC 2 / ISO 27001 control mappings — as an editable document you can hand to auditors and enterprise customers.
Free — no card, no signup. First model in about 3 minutes.
| ID | Threat | STRIDE | Risk |
|---|---|---|---|
| T-01 | JWT signing key reuse across environments | Spoofing | 20 |
| T-04 | IDOR on /api/invoices/:id — no tenant scoping | Info Disclosure | 16 |
| T-07 | Webhook endpoint accepts unsigned payloads | Tampering | 12 |
| T-11 | No audit trail on role changes | Repudiation | 9 |
Why this exists
Your enterprise deal is stuck on a security questionnaire. The auditor wants a threat model. Nobody on your team has done one.
01. Describe your system
Paste an architecture summary — stack, data, deployment, auth. Two minutes of typing. No security vocabulary needed.
02. Get a real STRIDE model
Components, trust boundaries, assets, and 8–18 specific threats with attack scenarios — each scored by likelihood × impact and ranked.
03. Edit, export, hand to the auditor
Every section is editable. Export Markdown or a print-ready report with SOC 2 and ISO 27001 control mappings on Pro.
Built for the moment an enterprise prospect, a bank partner, or a SOC 2 auditor says “send us your threat model” — and your team has never written one.
Early adopter? Tell us what your auditor said — we’ll feature you here.
Start free — one model on us