Threat Modeling
for Security Teams

ThreatTree lets your security team organise threat models into forests of trees — add a Data Flow Diagram to map your system, or an Attack Tree to decompose a threat — so every risk stays grounded in your architecture and gets mitigated before it's exploited.

Get started free See how it works ↓

Structured threat intelligence.
Board-ready evidence.

ThreatTree gives Architects the precision to decompose threats to the atomic attack step, and gives CISOs the evidence to defend every risk decision — all in one platform.

  • Architecture-Anchored Threats

    Model your system with DFDs — processes, data stores, trust boundaries, and external entities. Every threat is grounded in a real architecture element, not a floating assumption in a spreadsheet.

  • Attack Path Decomposition

    Break each threat into an Attack Tree with AND/OR logic — from high-level attacker goal to atomic step. Every tree links back to the exact DFD node it targets, keeping risk grounded in your architecture.

  • Multi-Framework Threat Tagging

    Tag every node with STRIDE, LINDDUN, OWASP Top 10, CAPEC, or MITRE ATT&CK. See which frameworks your model covers and where the gaps are — before an auditor or attacker finds them first.

  • Standards-Based Controls

    Map every mitigation to ISO 27001:2022, NIST SP 800-53 Rev 5, CIS Controls v8, PCI DSS v4.0, NIST CSF 2.0, or SOC 2. Each control is traceable to a named standard — evidence your auditors and regulators recognize.

  • Prioritized Risk Register

    Likelihood × Impact scoring generates a ranked risk register automatically across every tree in a forest. Know what to remediate first — backed by structured, auditable evidence rather than gut feel.

  • Board-Ready PDF Reports

    Generate executive-ready reports with risk summaries, ranked registers, cross-reference tables, and architecture appendices in a single PDF. Designed for board presentations, audit submissions, and compliance reviews.

  • Team Collaboration & RBAC

    Invite architects, developers, and compliance leads with owner, editor, or viewer roles. Everyone contributes to the same threat model — no version conflicts, no stale exports sent over email.

  • Optional AES-256 Forest Encryption

    Choose to lock any forest with a browser-generated AES-256-GCM key. The server stores only ciphertext — your key never leaves your device, and a full database breach exposes nothing readable. Available on every plan, including Free.

How it works

From zero to a live risk register in five steps.

  1. Create a Forest

    Define scope, name your stakeholders, and invite your team. A forest is the container for everything that follows.

  2. Add a Data Flow Diagram tree

    Model your system — processes, data stores, trust boundaries, external entities — so every threat has a place to live in your architecture.

  3. Add Attack Trees linked to your DFD

    For each threat, add an Attack Tree. Link it to the DFD and decompose the threat with AND/OR gates down to atomic attack steps.

  4. Map & Prioritise Risks

    Score nodes by likelihood and impact. A ranked risk register is generated automatically across all trees in the forest.

  5. Share & Report

    Export to PDF for board and audit submissions, JSON for programmatic use, or STIX 2.1 to feed your threat intelligence pipeline.

Start modeling threats today

Free plan available — no credit card required. Be up and running in minutes.

Get started free View pricing