Get your free lifetime subscription to IriusRisk Community Edition - zero commitment access to Threat Modeling tools and libraries.
What is Community?
If you’re new to Threat Modeling or not quite ready for our Enterprise SaaS version, why not get hands-on experience on how you can quickly and easily architect an application using our Draw.io integration and understand potential security threats and countermeasures in one simple, easy-to-use interface.
If you’re already familiar with Threat Modeling and work in Architecture, DevOps or Security teams, you can try the Community Edition and learn quickly how it can help you to scale Threat Modeling within your organization through the powerful insights and collaboration capabilities.
An overview of our Community and Enterprise Editions plans:
SaaS | Free Lifetime Subscription
Perfect for getting hands-on with threat modeling for the first time, or to combine your efforts with tooling.
IriusRisk Community includes:
- 1 threat model
- Export Threats & Countermeasures as XLS
- Export threat models as XML
- Architectural diagramming with draw.io
- Limited technical and compliance reports
- Receive free community updates
Available as SaaS or On-Premise | Contact us for pricing
Benefit from all of the powerful capabilities IriusRisk has to offer to automate and scale across your organisation
All community capabilities, plus:
- Available with up to unlimited threat models -
- Available for unlimited users
- Data imports, custom field definition or workflow management
- Syncs with popular issue trackers
- Dedicated Customer Success Manager
- Hands-on, assisted onboarding process
- API access
- Enhanced import and export of models, threats, test results and metadata
- Full custom field definition and workflow management
A Simple Guide to Building A Threat Model within IriusRisk Community Edition.
Organizations want threat modeling to be easy to use for everyone, and to be so well embedded in the development cycle that there’s no need to even think about it. One typical way of building an embedded threat model is based on the basic principles of Adam Shostack’s four-question scheme. This model allows the user to detect security deficiencies during the design phase of the application.
1. What are we building? Building the diagram
2. What can go wrong? Pinpoint the threats
3. What are we going to do about it? Mitigating the threats
4. Did we do a good job? Validating the design and reporting the process
With our Community Edition you can pretty much do everything to understand the basic process above and see how it can help you to scale threat modeling throughout your organization.
Threat modeling: What, Why and How
The fundamental basis of threat modeling is identifying, communicating and managing security weaknesses.
The key principle underpinning threat modeling is “secure design” which means in practice addressing design flaws. Ideally threat modeling activities will take place from the inception of the project at the design phase and continue throughout the development lifecycle.
"As the SDLC has become more agile we are increasingly seeing companies think about security not just as an add-on at the end but as part of the function by embracing threat modeling. However, architects, developers and security teams still have a knowledge gap around threat modeling that needs to be addressed, which is partly due to the tools in the market being so expensive that it makes threat modeling “exclusive” to those who can afford it. IriusRisk's Community Edition addresses this challenge by providing a free and valuable resource for all, effectively democratizing threat modeling so that anyone working in the SDLC - not just a few specialists - can understand the implications of secure design work in accelerating the development and time to deployment."
Daniel Cuthbert Head of CyberSecurity Research, Banco Santander