We understand how critical it is to embed security into every stage of the software development lifecycle (SDLC). At SecureFlag, we’re excited to announce the launch of ThreatCanvas 2.0, the latest evolution of our automated threat modeling solution designed to empower developers and streamline security processes.
ThreatCanvas 2.0 is built with a clear mission: to help organizations establish scalable threat modeling processes that enable developers to identify security issues and implement the right controls before coding even begins. By decoupling the creation of threat models from their review, we allow developers to generate comprehensive threat analyses independently while security teams can focus on oversight and guidance.
We’ve listened to your feedback and implemented a host of new features and improvements to make ThreatCanvas more powerful and user-friendly than ever.
The new ThreatCanvas leverages advanced intelligence to automatically generate diagrams and detect threats with enhanced precision and speed. This smarter system reduces the time developers spend on manual inputs, allowing them to focus on building secure applications.
We’ve revamped the user interface to provide a more intuitive and engaging experience. The updated menu bar and streamlined navigation make it easier to find what you need. Visually engaging dashboards and reports now highlight residual risks, helping teams prioritize their efforts effectively.
Handling multiple files is now a breeze. ThreatCanvas 2.0 supports the simultaneous upload of multiple files—including images, Draw.io and Visio diagrams, Infrastructure as Code (IaC), and documentation—directly onto the canvas. This flexibility ensures that all relevant information is easily accessible in one place, streamlining the threat modeling process like never before.
Teamwork is at the heart of secure development. With the new Watchers & Collaborators feature, you can add team members to specific projects, enhancing collaboration and oversight. Watchers receive notifications about project updates, keeping everyone in the loop.
Promote consistency and efficiency with Shared Components. Reuse assets and configurations across projects and easily manage them through the centralized interface. Stay up to date with risk considerations across all projects where custom components are used.
Seamlessly integrate ThreatCanvas into your existing workflows. Save links to resume threat models later, now with support for multiple collaborators. Export PDFs or JSON files directly to Azure DevOps boards or Jira stories. ThreatCanvas can now automatically import all notes and analyses performed on the model and create child issues for identified threats that require control implementation.
Our new API integrations enable seamless data exchange, allowing you to effortlessly incorporate threat modeling processes into your existing application workflows. By integrating ThreatCanvas deeply into your development ecosystem, you reduce manual overhead, minimize errors, and accelerate the delivery of secure software.
The newly introduced admin dashboard offers a centralized view for monitoring all threat modeling projects. Customize your threat model library, risk templates, and components, and access vital system metrics—all from one place.
Enable threat modeling workflows that allow for the submission, review, and approval of models. This feature decouples the creation of threat models by developers and architects from their review and feedback by security teams, enhancing efficiency and clarity in the process.
ThreatCanvas automatically calculates a risk score for all your threat models, helping you prioritize high-risk projects. Use Risk Modifiers to weight risks based on factors like data criticality (Payment, Health, PII), mission criticality, and internet exposure.
Tailor ThreatCanvas to your organization’s needs. Add default risk ratings for custom threats in your threat model library, link custom threats to controls, and create customized risk templates.
We’ve expanded our library of risk templates to help you focus on what’s most important to your organization or specific product teams. New templates include:
Memory Safety
Low-Code/No-Code
Automotive (with a focus on ISO 21434)
Aviation (focusing on Part IS)
MITRE
These are in addition to existing templates like OWASP Top 10, STRIDE, PCI-DSS, HIPAA, Privacy (based on LINDDUN), AWS, Azure, and GCP.
ThreatCanvas 2.0 represents a significant advancement in automated threat modeling.
By empowering developers with intelligent tools and setting up scalable collaboration with security teams, we’re helping organizations reduce security rework later in the SDLC and focus more on delivering value.
Ready to experience the new ThreatCanvas? Contact us to schedule a demo or to learn how ThreatCanvas 2.0 can transform your security processes.