Cyberismo threat modelling

Threat modelling with automatically generated diagrams

The open-source Cyberismo Secure development essentials content module includes excellent tools for threat modelling, which is one of the most important activities in secure development.

Threat modelling requires an understanding of the trust boundaries, processes, external entities, data stores, and dataflows between the entities. With Cyberismo, you can model the structure of your solution with cards and links, and the tool will generate dataflow diagrams automatically.

Besides threat modelling, you can try out the modelling tool for architecture documentation: model your architecture, create architecture decision records, and write design specifications!

As threat modelling is a part of the Secure development essentials module, it integrates very well with the rest of the secure development process.

Get started with threat modelling.

The ultimate tool for threat modelling “as code”

Intuitive threat modelling

With Cyberismo, the resulting threat model is represented as plain text, so you can manage it in software version control similarly as code.

Despite the representation “as code”, the modelling experience is completely graphical and visual. There are no new domain-specific languages or notations to learn!

Resources

Source code

Cyberismo secure development essentials module on GitHub

Documentation

How to install and get started with the Cyberismo secure development essentials module
Tutorial about the Cyberismo threat modelling tools

Demo

How to set up the demo environment