Threat Modelling Tool
A free, browser-based threat modelling workbench powered by the open-source AWS threat-composer framework. No account required, no data leaves your browser.
What is threat modelling?
Threat modelling is a structured approach to identifying security risks early in the design or review of a system. Rather than waiting for a penetration test to surface issues, threat modelling asks: what could go wrong, and what do we do about it?
The AWS threat-composer tool helps teams build structured threat statements using a simple grammar — making threat models consistent, actionable, and exportable. It's used by security architects and engineers across AWS and beyond.
What the tool does
Need help threat modelling your system? NorthLayer delivers hands-on threat modelling engagements using STRIDE and MITRE ATT&CK — producing data flow diagrams, threat registers, and mitigations mapped to your architecture. Get in touch to discuss.
Powered by awslabs/threat-composer — open source, MIT licensed. Hosted by AWS Labs on GitHub Pages.
Need a threat modelling engagement?
NorthLayer delivers structured threat modelling workshops and outputs — DFDs, STRIDE analysis, MITRE ATT&CK mapping, and a prioritised mitigation register. Available as a standalone engagement or as part of a wider security architecture project.