Patent attributes
Attack simulation systems include a computing device coupled with a database, the device displaying input interfaces configured to store a plurality of threat model components, threats, and compensating controls in the database, and associate each stored threat with at least one stored component and associate each stored control with at least one of the stored threats through the database. A diagram interface is configured to diagram a system, application, or process, the diagram including some of the stored components and controls, to define a first threat model, and is further configured to display attack paths of all stored threats associated with the diagrammed components which compromise a selected component. Attack simulation methods include defining threat models and displaying attack paths using system interfaces. Threat model chaining methods include adding a component group to a first threat model to include therein a second threat model associated with a predefined component group.