Threat Modeling SDK

Threat Modeling SDK

AlertThis feature is available exclusively on the Enterprise Plans. Learn more.

This guide will walk you through using the Threat Model Software Development Kit (SDK), an innovative tool that enables you to build Threat Model labs that are both unique to your organization and available for future Threat Modeling training.



Use Cases

  1. Replace Whiteboards: Use our SDK instead of traditional whiteboards during Threat Modeling sessions.
  2. Create Labs from live Threat Model Sessions: Turn each live session into a hands-on lab on our platform using the SDK.
  3. Exclusive Learning: These labs are only accessible to your Organization, ensuring privacy.
  4. Onboard New Engineers Faster: New team members can jump into Threat Modeling labs relevant to their tasks. This helps them better understand their development responsibilities and supports their commencement by ensuring practicable knowledge has been attained.

Follow These Steps to Effectively Use The Threat Modeling SDK

Pre-Requisites:

In order to create new Labs, the user requires Organization Admin or Content Creator role.

Step 1: Accessing the Development SDK

  1. Log in to the Management Interface.
  2. Navigate to the Labs section.
  3. Click on the Add Lab button. This will lead you to the window shown in the diagram below.



Step 2: Specifying Details

When adding a lab, ensure you provide accurate information to ensure effective lab creation. Follow these guidelines:
  1. Fill in the Title and Subtitle of your lab.
  2. Author: Provide your company name.
  3. Lab Type: Select Threat Model.
  4. Lab Status: Choose Active.
  5. Description: Provide a detailed description of the lab.
  6. Max Duration: Set the maximum duration for the lab.
  7. Difficulty Level: Choose the appropriate level from Beginner to Advanced.
  8. Technology: Scroll down and select Threat Model.



Once all fields have been filled, proceed to the Diagram section and click the Launch SDK button.



Upon clicking, you will be directed to another tab where you can start creating your own diagram.

On this tab, you will be presented with the Threat Modeling SDK. The window will have a collection of tools on the right, with the majority of the screen serving as your canvas when crafting your Threat Model.



Step 3: Creating the Threat Model Diagram

  1. The blank space in the interface is where you can easily add nodes, establish connections, and design the flow as needed.

  2. To create a node, click one of the Add Entity, Add Process, or Add Data Store buttons. Each node should be given a descriptive title based on its purpose or function. Edit the titles according to your lab's requirements.

  3. Example: Let’s create a new Employee entity, then add a process named Door Controller followed by a data store named LDAP Server.

  4. You can connect the nodes by clicking and dragging from the side of the source node to the destination.



  5. Once you've added nodes, connect them as per your logic. You can label connections and even make them bi-directional, enhancing the clarity of your diagram.



  6. Setting Trust Boundaries:
    - Click anywhere on the whitespace of the canvas outside of your Threat Model; this will display an option to enter trust boundaries for your model.
    - If you have multiple trust boundaries in your Threat Model, list each one on a separate line.



  7. Assigning Boundaries:
    - Select a node by clicking on it to choose from the trust boundaries you had listed before.
    - Ensure each trust boundary is correctly aligned with the node's requirements.



  8. Setting the Available Threats and Controls:
    - Click outside the Threat Model in the whitespace of the canvas; this will display the available Threats/Controls library, which will be presented as a list on the right from which you can select the appropriate threat or control (scroll down the sidebar if needed).
    - Choose the threats and controls you want to include in your Threat Model.



    - Select a node by clicking on it to assign the chosen threats and controls. If you are converting this model to a lab, this will represent the actual solution of the lab.



NotesNote: For detailed information about a specific threat or control, simply click on the 'i' icon next to each one.



Step 4: Save to Lab

  1. Click on the Save to Lab button to save your progress.

  2. Import/Export: If necessary, you can export your work as a JSON file by clicking on the Export button and importing the JSON file back into the lab to make improvements or duplicate the diagram with enhanced features by clicking on the Import button. Also, you have the flexibility of exporting your diagram as a PNG image by clicking on the Save PNG button.



Step 5: Navigate back to the “SecuerFlag-Management” tab on your browser.

  1. Under the Diagram tab in the modal window, you will find the JSON representation of the diagram.

  2. Click on the Flags button tab in the modal window. This will display the list of available flags based on the diagram you created.



Step 6: Editing the Flags

  1. Click on the Edit button next to Boundaries.

  2. From the drop-down menu, select the relevant Knowledge-Based article (KB) that corresponds to the boundaries you are setting.

  3. Write the instructions for the user to select the boundaries.

  4. Note that nodes and boundaries are pre-filled based on the diagram you have created - you don’t have to modify them.



Step 7: Adding Hints (Optional)

  1. You can add hints to assist users. Toggle the "Not Available" option to enable hints.

  2. In the provided box, enter the hint information.

  3. Specify the percentage deduction for using the hint. 
    - Click "Update Flag" to save and update the flag.



  4. Follow the same process for the “Threats” and “Controls” flags (steps 6 and 7).

Once you have filled in all the details, go back to the Description tab and click on the Add Lab button to add your own Threat Modeling Lab.