Security Tools & Resources
A curated set of free tools used in NorthLayer engagements — threat modelling, architecture diagramming, and security design. All free, most require no account.
Threat modelling tools
Identify and document threats to your systems before they're exploited. These tools help structure the process — from data flow diagrams through to threat registers and mitigations.
AWS threat-composer
Build structured threat statements using guided grammar. Map threats to mitigations, view coverage insights, and export to JSON, Markdown or PDF. All data stays in your browser — no account needed. Maintained by AWS Labs.
Microsoft Threat Modeling Tool
The Microsoft SDL Threat Modeling Tool helps identify threats using STRIDE methodology and data flow diagrams. Generates threats automatically based on your diagram structure. Ideal for Azure and Microsoft-stack architectures. Requires Windows.
OWASP Threat Dragon
A browser-based or desktop threat modelling tool from OWASP. Create data flow diagrams, identify threats per component, and record mitigations. Supports STRIDE and LINDDUN. No account required for the online version — models saved locally.
Not sure which tool to use?
For Microsoft and Azure architectures, the Microsoft Threat Modeling Tool generates STRIDE threats automatically from your diagram — a good starting point. AWS threat-composer is better for recording and managing threats as structured statements, particularly useful in agile environments. OWASP Threat Dragon works well across any stack and is fully browser-based. NorthLayer uses all three depending on the engagement. Get in touch if you'd like help running a threat modelling session.
Need a structured threat modelling engagement?
NorthLayer delivers hands-on threat modelling workshops — data flow diagrams, STRIDE analysis, MITRE ATT&CK mapping, and a prioritised mitigation register your team can act on.