Have you tried using it? It works, but I can't help but feel that a desktop version would have been much easier to use.
A trio of university undergraduates have worked with Mozilla to create an online threat modelling tool designed to help system administrators better understand the threats they face. The open source SeaSponge tool, developed under Mozilla's Winter of Security initiative, sports a graphical flow its designers say could be a …
Wednesday 1st April 2015 11:45 GMT elDog
Let's grab the low-hanging ones here - HTTP/S threats only
As anyone who has worked with penetration testing can attest, just looking at the web browser vector is easy, altho it is one of the more fruitful. There are plenty of other external internet vectors such as FTP/S, Telnet, SSH, SOAP, non-HTTP TCP, non-TCP.
Threats can also come from external media, special communications channels, and especially PEBCAK.