Access ThreatCanvas
To access the tool, head to the user dashboard and click on ThreatCanvas in the left navigation menu.
Generate a Threat Model
1. Describe a Scenario or Upload Files
Start by entering the details of your scenario directly into the chat prompt. The more detailed your description, the better the analysis. You can also add more details and refine your analysis later by chatting with the ThreatCanvas Assistant.
Try some of the examples below to get started and see what is possible.
a. Create a Threat Model for an Application:
"Model a C# web application hosted on an Azure Kubernetes cluster. Users can upload their files, including pictures and documents, and access them from their computers or mobile devices. The application stores data in a PostgreSQL database."
b. Create a Threat Model for a Feature:
"Model a new feature that allows users to download their stored data and then request their data to be deleted."
It’s also possible to upload images, diagrams, documentation, and Infrastructure as Code (IaC) as part of the analysis. ThreatCanvas supports the following file types:
File Type | Extensions |
Images | .jpeg .jpg .png .gif .svg .webp |
Visio | .vsdx |
draw.io | .drawio |
JSON | .json |
XML | .xml |
IaC | .tf .json .yaml .yml .txt |
2. Select a Risk Template
Risk Templates guide ThreatCanvas in focusing on specific risk areas, ensuring relevant and targeted threat identification. ThreatCanvas will use the chosen template to identify threats and their corresponding controls.
Click on the dropdown menu to select a template. The management interface allows you to create a custom Risk Template that aligns with your organization’s priorities.
Here’s an overview of the default Risk Templates currently supported by ThreatCanvas:
- OWASP Top 10: Aligns with the widely recognized OWASP Top 10, a list of the most critical web application security risks.
- STRIDE: The STRIDE model is Microsoft’s comprehensive approach to identifying security threats in software applications. STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
- Amazon Web Services (AWS): Helps identify and mitigate risks specific to AWS cloud infrastructure.
- Microsoft Azure: Focuses on identifying and addressing risks within Azure cloud environments.
- Google Cloud Platform (GCP): This template assists in addressing security and compliance risks for applications running on GCP.
- Payments (PCI DSS): Tailored for applications that handle cardholder data, aligning with the Payment Card Industry Data Security Standard (PCI DSS).
- Health (HIPAA): Designed for applications dealing with healthcare data that are in scope for the Health Insurance Portability and Accountability Act (HIPAA).
- Privacy (LINDDUN): Aimed at helping identify data protection and privacy risks, ensuring that applications comply with privacy laws and guidelines.
- Low-Code/No-Code: This template is based on the OWASP Top 10 for Low-Code/No-Code applications.
- Memory Safety: Focuses on memory safety vulnerabilities, helping to identify and mitigate risks such as Buffer Overflows, Use-After-Free errors, and Memory Leaks in non-memory-safe programming languages.
- Automotive: Addresses threats to the security, safety, and functionality of modern vehicles, especially with the increasing adoption of connected and autonomous vehicle technologies.
- MITRE ATT&CK for Enterprise: Includes the main tactics provided by MITRE ATT&CK, which is widely used in cybersecurity to understand adversary behaviors.
- OT/IoT/SCADA: Designed to identify, analyze, and mitigate security risks in Operational Technology (OT), Internet of Things (IoT), and Supervisory Control and Data Acquisition (SCADA) systems.
- Privacy: Designed to identify, analyze, and mitigate risks to personal data and privacy. It helps organizations address potential privacy violations, align with data protection regulations, and safeguard individual rights.
- Federal Risk and Authorization Management Program (FedRAMP): Designed to help organizations identify, analyze, and mitigate risks to systems seeking authorization under the Federal Risk and Authorization Management Program (FedRAMP).
3. Start Model Generation
Click on '>' or hit Enter on your keyboard to start generating a threat model. ThreatCanvas will create a visual representation of your scenario and suggest relevant Threats and Controls.
TIP: By default, ThreatCanvas will draw the diagram and identify relevant Threats and their corresponding Controls. To create a graphical representation without identifying Threats and Controls, try telling ThreatCanvas Assistant, "Do not analyze." This will create a diagram of your scenario without additional analysis.
The Canvas
ThreatCanvas builds a graphical representation of the scenario. Each node is categorized as an Entity, Process, Data Store, or Business Logic (see Components for more information). ThreatCanvas also draws data flows between the nodes and groups them into Trust Boundaries. For each node, ThreatCanvas identifies potential threats and their corresponding controls according to the selected Risk Template.
You can edit the diagram to customize your model for an accurate representation of your scenario:
- Chat with the ThreatCanvas Assistant, asking it to make changes to the diagram (e.g., “connect the application server with the database, use ‘SQL’ as a label”).
- Drag the nodes to rearrange them.
- Hold CTRL on a node and drag it to connect it to another node with a data flow arrow.
Adding Additional Elements to the Diagram
You can add additional elements by asking the ThreatCanvas Assistant (e.g., “Add a reverse proxy between the Browser and the Web Application”) or manually through the top toolbar menu.
Node Details
Once you click on any of the nodes, the node settings will appear on the right-hand side.
1. Adding Label and Notes
In this section, you can add labels to nodes, include notes, and mark nodes as out of scope by toggling the "Out of Scope" switch. Marking a node as out of scope will exclude it from the analysis and reports.
2. Adding Trust Boundaries
Trust Boundaries are points where the level of trust or control changes within the system. You can place a node into a Trust Boundary by selecting one of the available Trust Boundaries from the list. To create a new Trust Boundary, simply enter its name in the text box and click the plus (+) button. You can also delete existing Trust Boundaries by selecting one and clicking the Delete icon.
To remove a node from all Trust Boundaries, select the node and choose 'None.'
3. Components
Nodes can represent Entities, Processes, Data Stores, or Business Logic.
You can change a node's Component by clicking the Change button, saving your changes, and optionally analyzing the Component by selecting the Analyze button.
You can access the custom Components by clicking the Change button.
Note: Admins can create custom Components by saving notes, threats with their risk ratings, and controls for reuse across models in the organization. Only the organization’s admins can see the custom Components in the management interface.
4. List of Threats
In the right-side menu under Threats, you can see the list of threats identified in your threat model. You can add new Threats to this menu, quickly change their Risk Rating and Mitigation status, or remove them entirely by clicking the Delete icon.
Risk Rating
Risk Rating indicates the severity level of threats. You can rapidly change the Risk Rating by clicking on its label. Risk Ratings are represented using three distinct color codes:
- Green: Low Risk
- Amber: Moderate Risk
- Red: High Risk
Mitigation Status
A Threat can be identified as:
- Open: The threat is considered still open. A remediation plan needs to be put in place.
- Mitigated: There is no residual risk, and no actions are necessary.
- Risk Accepted: The threat is considered still open, but remediation is not deemed necessary.
To change the mitigation status of a Threat, click the small circle next to its Risk Rating.
- A ticked circle indicates that the threat has been mitigated.
- A dotted circle signifies that the risk associated with the threat has been accepted.
- An empty circle means the threat remains open.
You can also delete Threats from the list by clicking the Delete icon next to the Threat.
Add Threats
You can add additional Threats to the model by clicking the plus (+) icon.
Select Threats from the library filtered by the available Risk Templates. Alternatively, add a custom Threat by giving it a name and clicking the '+' button.
Linking Another Threat Model
ThreatCanvas lets you link an entire threat model to a node within another model. This makes it easy to build modular, scalable threat models.
Key benefits:
- Modularity: Represent complex components as standalone, linked models.
- Reusability: Reuse existing threat models across multiple systems.
- Consistency: Updates to a linked model apply wherever it’s used.
- Abstraction: Keep high-level models clean by hiding internal details.
- Collaboration: Teams can manage their own models and link them together.
This is especially useful for microservices, shared platforms, and large systems.
To link another threat model:
- Click on a node within your model.
- In the Node Settings, click the Link icon. This opens the ThreatCanvas Models modal window.
- Find the model you want to link.
- Click the Link button next to that model.
Once linked, you’ll see that the selected node changes shape to indicate a connection, and the linked model becomes part of your current threat model.
Viewing or Managing Linked Models
You can view the linked model by clicking the Visit button and can remove the link by clicking the Unlink button.
Threat Details
Within the Node details, you can click on any Threat in the list to display its details.
Click on Show details to access detailed information about the Threat from SecureFlag’s Knowledge Base as well as curated external sources. If you have a SecureFlag Training license, you can also play hands-on training labs relevant to the Threat. It’s also possible to add notes in the designated text box.
Action Plan
List of Controls
In the right-side menu under Controls, you can see the list of controls identified in your model. With this menu, you can add additional controls, quickly mark them as implemented, or remove them entirely.
To mark a Control as implemented, click the small circle. Once the circle changes to a blue tick, the Control is marked as implemented. To delete a Control, click the Delete icon.
Add Controls
You can add additional Controls to the model by clicking the Plus (+) icon. Select a Control from the library based on the available Risk Templates. Alternatively, add a custom Control by giving it a name and clicking the '+' button.
Control Details
Similarly, within the Threat details, you can choose a Control from the list to navigate to the Control details.
Click on Show details to access detailed information about the Control. You can also add notes in the designated text box.
Action Plan
Below the control information, the Action Plan section allows you to mark the Control as implemented by toggling the provided switch and adding a mitigation rationale.