Threat modeling that keeps pace
with your engineering
Build data flow diagrams, run automated STRIDE analysis, score risks with OWASP methodology, map threats to MITRE ATT&CK — and collaborate in real-time. All in one platform.
Everything you need to model, analyze, and monitor threats
From diagram to deployment, ThreatWerk covers the full threat modeling lifecycle with automation and real-time collaboration.
Threat Modeling
Draw data flow diagrams with processes, data stores, external entities, and trust boundaries. Visual, collaborative, version-controlled.
STRIDE Analysis
Automatically generate threats per element using STRIDE-per-element methodology. No manual enumeration.
OWASP Risk Scoring
Score each threat using the OWASP Risk Rating Methodology. Likelihood x impact on a 0-9 scale with radar visualization.
MITRE ATT&CK Mapping
Map threats to ATT&CK techniques. Heatmap visualization shows coverage and exposure across your model.
Real-time Collaboration
Multiple engineers edit the same model simultaneously. WebSocket-powered presence, cursors, and conflict resolution.
Supply Chain Intelligence
Continuous ingestion from 16+ threat feeds including NVD, CISA KEV, and AlienVault OTX. Auto-matched to your components.
SBOM Integration
Link diagram components to SPDX software inventories. PURL-to-tag conversion surfaces relevant CVEs automatically.
Campaign Tracking
Group related intel entries into campaigns with auto-match rules, timeline views, and IOC drill-down.
Watch the workflow
Short clips showing ThreatWerk's core capabilities in motion.
Diagram Editor
Drag and drop components, draw data flows, define trust boundaries — all on an infinite canvas with real-time sync.
Automated STRIDE Analysis
One click generates threats per element. Review, score, and annotate each threat with CAPEC patterns and ATT&CK techniques.
OWASP Risk Scoring
Score threats with the full OWASP Risk Rating methodology. Radar chart updates live as you select likelihood and impact factors.
Supply Chain Intel
CVEs from 16+ feeds auto-matched to your model components. Filter by severity, source, and incident type. Campaign tracking built in.
Three steps from architecture to actionable security
Model
Draw your architecture as a data flow diagram with processes, stores, external entities, and trust boundaries.
Analyze
Run automated STRIDE analysis, score risks with OWASP methodology, and map threats to MITRE ATT&CK techniques.
Monitor
Continuous intel matching from 16+ feeds keeps your threat model current as new vulnerabilities emerge.
Built on industry standards
ThreatWerk integrates with the frameworks and formats your security team already uses.
Simple, seat-based pricing
Every tier gets the full feature set. Differentiation is purely by team size. Available on AWS Marketplace.
Up to 10 users. For small security teams, startups, and individual product security engineers. $4,990/year (save 17%)
- Unlimited threat models
- All 16+ intel feeds
- Unlimited SBOM sources
- Real-time collaboration
- ATT&CK heatmap & MCP server
Up to 50 users. For mid-market security teams and compliance-driven organizations. $14,990/year (save 17%)
- Everything in Team
- Teams (group-based access)
- Review workflow
- Campaign tracking with auto-match
Unlimited users. For large enterprises, regulated industries, and multi-team deployments. $39,990/year (save 17%)
- Everything in Professional
- Unlimited seats
- Dedicated onboarding