Skip to main content

Threat Modeling Projects Overview

Overview

Threat Modeling Projects act as dedicated workspaces for analyzing application components, API endpoints, and security risks. Each project contains:
  • API endpoint inventory
  • Automatically generated threat findings
  • Threat severity & confidence analytics
  • Project-level completion status
  • Collaborators & permissions
  • Workload distribution and ownership
Projects allow security teams to break large applications into manageable units and model each component efficiently.

Key Metrics & Insights

Total Endpoints

Total API endpoints included in the modeling scope of the project.

Total Threats

Count of all identified or generated threats across the project.

Progress Status

Tracks how much threat analysis is completed for the project.

Project Workspace

Project Workspace View

Each project card displays:
  • Project title & description
  • Total endpoints
  • Total threats
  • Collaborators
  • Started date
  • Progress bar showing modeling completion
This allows stakeholders to triage and prioritize projects at a glance.

Project Details

Inside each project, users gain access to multiple components:

🔹 API Endpoints

A complete list of scanned or manually added endpoints including:
  • Method
  • Host
  • Path
  • Threat count
  • Threat status

🔹 Threats

Auto-generated or manually added threats appear with:
  • Severity
  • Confidence
  • Owners
  • State (Pending, Acknowledged, In Progress, etc.)

🔹 Metrics

Charts summarizing threat severity distribution, status counts, and resolver workload.

🔹 Collaborators

A view to manage project-level permissions and designate threat owners.

API Endpoints Overview

Project Roles & Collaboration

Teams can add collaborators with specific roles:
  • Owner — full access; responsible for all threat approvals
  • Manager — can analyze threats, assign owners, and update states
  • Member — can review and assist in threat analysis

Project Collaborator Controls

Roles help define clear responsibility boundaries across the team.

Threat Generation Workflow

Each project integrates automated threat modeling:
  • AI analyzes API requests
  • Threats are generated using structured rules
  • Each threat includes:
    • Title
    • Explanation
    • Severity
    • Confidence
    • Practical mitigations
    • OWASP & CWE mappings
    • References

Threat Management Inside Project

This ensures repeatable, consistent modeling without manual guesswork.

Dashboard-Level Visibility

The Threat Modeling Dashboard aggregates data from all projects:

Threat Modeling Dashboard Overview

It provides global insights such as:
  • Total threats across all projects
  • Pending vs In Progress vs Verified
  • Severity distribution (Critical / High / Medium / Low)
  • Per-project threat breakdown
  • CWE classification across large datasets

Example Use Cases

API Threat Modeling

Analyze microservices and endpoints to identify backend weaknesses.

Secure Design Review

Evaluate system architecture and business logic flows.

Regulatory Compliance

Maintain audit-ready threat modeling documentation.

Developer Collaboration

Give developers visibility and ownership over threat mitigation.

Next Steps

Explore API Endpoints

Begin analyzing API paths, methods, and threat exposures inside each project.