Map assets, trust boundaries, and STRIDE threats across a system's data flows.
7 connected components you can rename, recolor, and extend with AI.
This diagram captures a threat model, showing how an attacker might target a system and where defenses belong. Built around a central application or data flow, it maps trust boundaries, entry points, assets, and the STRIDE threat categories of spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. Each element connects to the controls that mitigate the identified risks.
Security engineers, developers, and architects use this threat model diagram during design reviews and secure development lifecycles to find weaknesses before code ships. It supports STRIDE workshops, risk assessments, and documentation for auditors who want evidence that security was considered by design.
A threat model diagram is a visual map of a system's assets, trust boundaries, and data flows annotated with potential threats and mitigations, used to identify and reduce security risks during design.
STRIDE covers Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege, six categories used to classify threats against a system.
A threat model is ideally built during the design phase of the secure development lifecycle and again when the architecture changes significantly, so weaknesses are caught before they reach production.
Trust boundaries mark where data crosses between zones of differing trust, such as between the internet and your backend, and are prime locations for threats and controls.
Open the threat model diagram (STRIDE) in the Infogiph canvas, then edit, animate, and export.