Overview

Pwnbook’s threat modeling feature lets you create visual threat models directly within an engagement. Instead of static spreadsheets or disconnected diagrams, threat models in Pwnbook are interactive, shareable, and linked to the rest of your engagement data. Each engagement can have one or more threat models, making it easy to model different components or attack surfaces separately.

Creating a threat model

  1. Open an engagement and navigate to the Threat Models tab.
  2. Click New Threat Model.
  3. Give the model a name (e.g., “Authentication Flow” or “Payment Processing”).
  4. Click Create to open the diagram canvas.

The diagram canvas

The canvas is an interactive diagram editor where you visually construct your threat model. You can zoom, pan, and drag elements freely to build the layout that best represents your target system.

Adding assets

Assets represent components of the system you’re modeling — servers, databases, user clients, external services, and so on. To add an asset:

  1. Click the Add Asset button or drag an asset type from the left panel.
  2. Choose the asset type (e.g., Web Server, Database, User, External API).
  3. Position the asset on the canvas.
  4. Click the asset to edit its label and properties.

Assets serve as the nodes in your threat model diagram. Connect them with data flows to show how information moves through the system.

Identifying threats

Threats represent potential security issues that could affect assets. For each asset, you can attach one or more threats. To add a threat to an asset:

  1. Click an asset on the canvas.
  2. In the properties panel, click Add Threat.
  3. Enter the threat name and description.
  4. Optionally categorize the threat using the STRIDE model (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
  5. Assign a severity level (Critical, High, Medium, Low, Informational).

Threat vectors

Threat vectors define the paths an attacker might take to exploit a threat. They connect assets on the canvas to show attack routes. To add a threat vector:

  1. Hover over a source asset until the connection handle appears.
  2. Click and drag to a target asset to create a vector.
  3. Click the vector line to give it a label and associate it with a specific threat.

Threat vectors help visualize how a compromise of one component can propagate to others.
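The assets, STRIDE threats, severities and vectors described in the sections above form a directed graph, and the propagation question a vector answers ("if this component is compromised, what else is exposed?") can be computed over that graph. The following is an added illustration, not Pwnbook code or its API: the `ThreatModel`, `Threat` and `build_sample` names are hypothetical, and the "Authentication Flow" data is constructed sample input.

```python
from collections import deque, namedtuple
from dataclasses import dataclass, field

# Added example, not Pwnbook code: this page's concepts as an in-memory graph
# (assets as nodes, STRIDE threats on assets, threat vectors as directed edges).
STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege")
SEVERITIES = ("Critical", "High", "Medium", "Low", "Informational")
Threat = namedtuple("Threat", "name category severity")  # category in STRIDE

@dataclass
class ThreatModel:
    assets: dict = field(default_factory=dict)   # label -> list[Threat]
    vectors: list = field(default_factory=list)  # (source, target, label)

    def add_vector(self, source, target, label):
        if source not in self.assets or target not in self.assets:
            raise KeyError("vector endpoints must be existing assets")
        self.vectors.append((source, target, label))

    def blast_radius(self, compromised):
        """Assets reachable from `compromised` by following vectors forward."""
        seen, queue = {compromised}, deque([compromised])
        while queue:
            node = queue.popleft()
            for src, dst, _ in self.vectors:
                if src == node and dst not in seen:
                    seen.add(dst)
                    queue.append(dst)
        return sorted(seen - {compromised})

    def worst_exposed_severity(self, compromised):
        """Highest severity on any asset the compromise can propagate to."""
        ranks = [SEVERITIES.index(t.severity)
                 for a in self.blast_radius(compromised) for t in self.assets[a]]
        return SEVERITIES[min(ranks)] if ranks else None

def build_sample():
    """Constructed 'Authentication Flow' model; sample data, not a real system."""
    m = ThreatModel(assets={
        "User": [],
        "Web Server": [Threat("Session fixation", "Spoofing", "High")],
        "Database": [Threat("Credential dump", "Information Disclosure", "Critical")],
        "External API": [Threat("Token replay", "Spoofing", "Medium")],
    })
    m.add_vector("User", "Web Server", "login request")
    m.add_vector("Web Server", "Database", "credential lookup")
    m.add_vector("Web Server", "External API", "OAuth callback")
    return m
```

Running `build_sample().worst_exposed_severity("Web Server")` yields "Critical", because the credential-lookup vector carries a Web Server compromise through to the Database and its Critical threat; an asset with no outgoing vectors, such as the Database here, has an empty blast radius.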

GitHub PR integration

GitHub integration must be configured before using this feature. See GitHub Integration.

Pwnbook can automatically create or update threat models based on pull requests in your connected GitHub repositories. When a pull request is opened or updated:

  1. Pwnbook analyzes the diff for security-relevant changes.
  2. A threat model review is triggered for the affected engagement.
  3. Suggested threats are added to the relevant threat model.
  4. You receive a notification (and optionally a Slack message) to review the suggestions.

This keeps your threat models up to date as the codebase evolves, without requiring manual updates for every code change.

Sharing threat models

Threat models are visible to all members of the engagement’s organization. To share a specific threat model externally (e.g., with a client), export it as a PDF or image from the canvas toolbar.

Best practices

Before adding threats, map out how data flows through the system. This makes it much easier to identify where threats apply.

Separate threat models for separate trust zones (e.g., one for the public-facing API, one for internal services) keep models manageable and focused.