COMPOSER
Threat Modeling
100% client-side — zero data transmission
What are you building?
Pick the building blocks of your webapp/API project. For each one you'll get STRIDE-LM risks, OWASP ASVS 5.0 requirements (code), and compensating measures (infrastructure/ops).
Identity & Access
Data & Storage
Payments & Business Logic
Interfaces & Integrations
Frontend & Input
Administration & Operations
Which data categories do you process?
Optional. Sharpens requirements regardless of which building blocks are selected above — e.g. a backend-only API can process health data without a classic profile feature. Not a substitute for legal advice, but shows which technical controls support the relevant GDPR obligation.
How is it deployed?
Optional, not mutually exclusive — most projects are a mix.
Select at least one building block.