PocketTM

Security Threat Modeling Guide

Only for iPhone

Free

Welcome to PocketTM

App Summary

At the grocery store, do you need to perform a Threat Model? No problem, PocketTM is here to help you. Want to save time while still covering everything you need as part of performing a Threat Model? Introducing PocketTM, an iOS application designed to guide security professionals through comprehensive security threat assessments using Microsoft's STRIDE framework. The app provides a structured approach to identifying potential security vulnerabilities during system design phases, transforming complex threat modeling into an accessible, step-by-step process.

Key Features

- **Hierarchical Navigation**: Explore threats from high-level categories down to specific risks and discovery questions using our intuitive S.AB.IMP.DQ naming convention
- **Customizable**: Add your own risks and threats based on your environments
- **Export selections**: Build your own Threat Model and export the selections for use
- **Comprehensive Coverage**: Access detailed question libraries for all STRIDE categories
- **Guided Discovery**: Systematic exploration from threat categories (Spoofing, Tampering, etc.) through specific risk vectors (Authentication Bypass, DNS Spoofing, etc.)
- **Focus Area Examination**: Drill down into implementation details with targeted discovery questions
- **Mitigation Recommendations**: Practical security controls matched to identified risks
- **Project Management**: Save and manage multiple threat assessments
- **Report Generation**: Export professional security documentation

The STRIDE Framework

The app is built around the STRIDE threat modeling methodology, organizing cybersecurity threats into six categories:

- **Spoofing**: Impersonation attacks including phishing, session hijacking, and DNS poisoning
- **Tampering**: Unauthorized data modification and code injection
- **Repudiation**: Ability to deny performing malicious actions
- **Information Disclosure**: Exposing sensitive information to unauthorized parties
- **Denial of Service**: Making systems or applications unavailable
- **Elevation of Privilege**: Gaining unauthorized access to restricted functionality

Each category contains detailed risk vectors with comprehensive discovery questions and mitigation strategies, enabling thorough security assessments for any application.

Who Should Use This App

- Security professionals
- Software architects
- Development team leads
- Security auditors
- Compliance officers
- Anyone involved in designing secure systems

PocketTM transforms Threat Model planning from a specialized activity requiring expert knowledge into a guided process that development teams can incorporate into their workflows, ultimately leading to more secure application development.

- Swipe-to-delete for custom threats, focus areas, and questions
- "Custom" badge now appears on user-created items
- Improved stability and iOS compatibility

The developer, Nicholas Payton, indicated that the app’s privacy practices may include handling of data as described below. For more information, see the developer’s privacy policy.

  • Data Not Collected

    The developer does not collect any data from this app.

    Privacy practices may vary based, for example, on the features you use or your age.

    The developer has not yet indicated which accessibility features this app supports.

    • Provider
      • Nicholas Payton
    • Size
      • 2 MB
    • Category
      • Developer Tools
    • Compatibility
      • iPhone
        Requires iOS 18.0 or later.
    • Languages
      • English
    • Age Rating
      4+
    • Copyright
      • © Nick Payton