threatdown is an open standard empowering teams and security experts to build threat modeling into all phases of development.
- familiar: easy to learn for everyone who already knows markdown
- simple: constrained to keep focused on what matters most
- maintainable: plain text makes collaboration and updating easy
- visual: compiles to graphs thanks to mermaid.js
How it works
Threatdown is a markdown-ish bulleted outline describing attack vectors using conditions, assumptions, and mitigations combined by boolean logic:
- conditions can be actions or states
- assumptions are indicated by a bullet ending in `?`
- mitigations block a condition or assumption
- mitigations can be shown as complete `[x]` or incomplete `[ ]`
- elements can be logically combined using AND `+` or OR `-` bullets
- comments can be nested under any item with a `>`
How it looks
```
__Attacker's goal__
- method which in order to be viable
  + requires this condition to be true
  + and this condition which depends on either
    - x to be true
    - or y to be true
  + hey this condition must be true too
    - [ ] but this would prevent it
- another method here too
  - a condition which depends on assumptions
    +? this might be a problem
      - [x] prevents it, though
    +? but only if this happens
      -? which assumes this also happens
        > You can make inline comments as well
        > in order to further explain stuff
```
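To show how the syntax rules above combine, here is an added example (not threatdown's own code) that parses the outline and answers the defender's question: with the mitigations currently marked `[x]`, is the attacker's goal still reachable, and through which method? It assumes two-space indentation for nesting and that a condition is blocked only by a completed mitigation placed directly under it.

```javascript
// Added example, not threatdown's own code: parse the outline syntax from this
// page and evaluate which attack methods remain open given the [x] mitigations.
// Assumptions: two-space indentation for nesting; "+" bullets are AND, "-" OR.
const SAMPLE = `__Attacker's goal__
- method which in order to be viable
  + requires this condition to be true
  + and this condition which depends on either
    - x to be true
    - or y to be true
  + hey this condition must be true too
    - [ ] but this would prevent it
- another method here too
  - a condition which depends on assumptions
    +? this might be a problem
      - [x] prevents it, though
    +? but only if this happens
      -? which assumes this also happens
        > comment lines are skipped by the parser`;
// indent, bullet (+/-), optional "?" (assumption), optional [x]/[ ] (mitigation), text
const BULLET = /^(\s*)([+-])(\?)?\s*(\[(x| )\])?\s*(.*)$/;
function parse(text) {
  const root = { text: 'goal', op: '-', assumption: false, mitigation: null, children: [] };
  const stack = [{ depth: -1, node: root }];
  for (const line of text.split('\n')) {
    const t = line.trim();
    if (!t || t.startsWith('>') || t.startsWith('__')) continue; // title and comments
    const m = BULLET.exec(line);
    if (!m) throw new Error(`unparseable line: ${line}`);
    const node = { text: m[6], op: m[2], assumption: !!m[3],
                   mitigation: m[4] ? (m[5] === 'x' ? 'done' : 'todo') : null, children: [] };
    while (stack[stack.length - 1].depth >= m[1].length) stack.pop(); // climb to parent
    stack[stack.length - 1].node.children.push(node);
    stack.push({ depth: m[1].length, node });
  }
  return root;
}
// A node is blocked if a completed mitigation sits directly under it. Otherwise
// every "+" child must be reachable (AND) and, if any "-" children exist, at
// least one of them must be (OR). Leaves with no children are taken as true.
function reachable(node) {
  if (node.children.some(c => c.mitigation === 'done')) return false;
  const conds = node.children.filter(c => !c.mitigation);
  const ands = conds.filter(c => c.op === '+'), ors = conds.filter(c => c.op === '-');
  return ands.every(reachable) && (ors.length === 0 || ors.some(reachable));
}
// Per-method view for the defender: which attack methods are still open.
function report(root) {
  return { goalReachable: reachable(root), methods: root.children.map(m => ({ text: m.text, reachable: reachable(m) })) };
}
```

For the sample, the first method stays open because its only mitigation is still `[ ]`, while the second is closed by the `[x]` mitigation under one of its AND-ed assumptions.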
Generating graphs
Run a simple command to generate a visualization of your threatdown tree:
```sh
npx threatdown inputfile -t svg
```
You'll get the tree rendered as an SVG graph.
Contributing
threatdown is an open standard inviting anyone to help develop, extend, and improve it.