Skip to content

Building a Threat Model

This guide walks through how to create, build, and iterate on a threat model in Devici, from starting a new model to reviewing threats and managing outcomes all within the platform.

Use this guide when you are:

  • Creating your first threat model in Devici
  • Building a new model for an existing system
  • Establishing a repeatable threat modeling workflow for your team

What you’ll do

  • Create a new threat model using the right starting method
  • Build a system diagram using elements, flows, and trust boundaries
  • Apply attributes to generate meaningful threats
  • Review threats and mitigations collaboratively
  • Track outcomes directly in Devici or integrate with existing workflows

Optional: Watch the walkthrough

If you prefer a visual overview, this short video demonstrates the end‑to‑end threat modeling workflow in Devici.

Watch the threat modeling walkthrough

Step 1: Organize your work with collections

Collections help you organize threat models in a way that matches how your organization operates.

Common collection strategies include:

  • Products or services
  • Applications or environments
  • Teams or business units
  • Major features or system domains

Creating collections first keeps related models grouped, easier to review, and simpler to govern over time.

Tip

Use collections to reflect ownership and scope, not architecture details. This makes collaboration, review, and access control clearer.

Step 2: Create a new threat model

Within a collection, create a new threat model. Devici gives you several ways to start, depending on how much context you already have.

Choose how to start

When creating a model, you can choose one of the following:

When creating a model, you can choose one of the following:

  • Start from a template
    Use a predefined structure for common system patterns or cloud architectures.

  • Import an existing model
    Bring in an existing threat model from:

  • OTM

  • Draw.io

  • Microsoft Threat Modeling Tool (.tm7)

  • Build from code (Code Genius)
    Generate an initial diagram by analyzing your codebase to accelerate first-pass modeling.

  • Generate with AI Diagram Assistant
    Describe your system in natural language and let Devici create a draft diagram.

  • Start with a blank canvas
    Build the model manually from scratch.

Choose the approach that best fits your starting point — all methods lead to the same modeling experience once the model is created.

Tip

It’s common to start with automation (templates, code, or AI) and then refine manually. Threat models are expected to evolve.

Step 3: Build the system diagram

Threat models in Devici are built using an interactive data flow diagram (DFD). This diagram represents how your system works and where trust assumptions change.

Add elements to the canvas

Use the canvas controls or element drawer to add:

  • Processes – Applications, services, APIs, or compute components
  • Data Stores – Databases, object storage, queues, or caches
  • External Entities – Users, third‑party systems, external services

Place elements to reflect logical relationships, not physical layout.

Connect elements with data flows

  • Draw connections between elements to represent data movement
  • Label flows to describe protocols, data types, or direction
  • Focus on meaningful data exchanges rather than every internal call

Define trust boundaries and zones

  • Add trust boundaries to show where trust levels change
  • Group related components into trust zones when they share assumptions

Trust boundaries are critical — many threats are generated specifically where data crosses them.

Tip

Start simple. A high‑level diagram with clear boundaries is more valuable than a dense, overly detailed one.

Step 4: Apply attributes

Once the structure is in place, apply attributes from the Devici Codex to elements and data flows.

Attributes describe security‑relevant characteristics, such as:

  • Authentication and authorization
  • Data sensitivity
  • Network exposure
  • Trust assumptions

How to apply attributes

  • Select an element or data flow
  • Open the attribute panel
  • Add one or more relevant attributes

Work through the diagram methodically, element by element.

Warning

Attributes drive threat generation. Missing or incorrect attributes will result in missing or misleading threats.

For detailed attribute guidance, see Attributes.

Step 5: Review generated threats

As attributes are applied, Devici automatically generates threats using the Codex.

How to review threats

For each threat:

  • Confirm whether it applies to the system as designed
  • Mark whether it is mitigated, partially mitigated, or unaddressed
  • Add notes to capture context, assumptions, or design decisions

Threat review is where the most value is created — it turns diagrams into shared understanding.

Tip

Treat threat review as a design validation activity, not a compliance checklist.

For deeper guidance, see Threats & Mitigations.

Step 6: Review and manage mitigations

Devici maps suggested mitigations to generated threats.

For each mitigation, you can:

  • Mark implementation status
  • Add evidence or links
  • Create custom mitigations for system‑specific controls

This keeps threat modeling connected to real engineering work without forcing a specific remediation workflow.

Step 7: Manage outcomes

You do not need to export a threat model to take action.

Depending on how your team works, you can:

  • Track threat and mitigation status directly in the Devici UI
  • Integrate with issue trackers and external systems using workflows
  • Export reports when a point‑in‑time snapshot is required

When exports are useful

  • Architecture or design reviews
  • Security sign‑off
  • Audit or compliance evidence
  • Sharing outside the Devici platform

Available formats include:

  • PDF – Diagram, threats, and mitigations
  • CSV – Threat register data for analysis or import

For details, see Exporting Threat Models.

What’s next

Once you’re comfortable building threat models, you can go deeper by focusing on specific areas: