Skip to content

Tools

A whiteboard or a shared document is often enough to run a threat modeling session. That said, the right tool can help you stay structured and make it easier to revisit and update your threat models over time.

Miro

We have Miro available in Equinor and it works well for collaborative threat modeling sessions. You can sketch out system diagrams, map data flows, and capture threats all in one place. It is especially useful for remote or hybrid sessions.

OWASP Threat Dragon

Threat Dragon is an open-source threat modeling tool. The desktop app is approved for use in Equinor and lets you create threat model diagrams and document threats directly against components in the model.

A key benefit of Threat Dragon is that its output is machine-readable. This opens up possibilities for automation and AI-assisted analysis of your threat models.