A concept built on strong differentiators:
- based on Microsoft STRIDE, but focusing first on business risks to make it less verbose
- visual heatmap of the most sensitive areas
- helps produce a prioritized short list of the most important security requirements, rather than a long inventory of threats
- uses regular sequence diagrams to minimize the learning curve, but defines them as code to enable reusability and easy versioning
- browser-only code to avoid storing critical information in a backend/database; persistence is achieved by importing/exporting human-readable JSON files
Rather than computing business risk directly as business impact * probability, the tool estimates probability as the opposite of attack difficulty.
Risk tables are available by clicking on Risk Scoring.
All the details are available in the specs file, the source of truth used by Claude Code to generate this application.
It can also be self-hosted by copying those static files to any web server.
