Threat modeling


We guide you in identifying and prioritizing the most significant risks to your project in a clear, systematic way.

1. Initial Contact

You reach out to us via our website (or any preferred channel). We’ll respond within 24 hours to discuss your project’s scope.

2. Customized Proposal

We analyze your needs and prepare a personalized offer.

3. Contract & Initial Payment

Once the contract details are finalized, you pay 50% of the agreed fee to initiate the threat modeling process.

4. Threat Modeling Execution

Our experts create a structured representation of your system, identifying potential attack vectors, assets at risk, and threat scenarios. We then evaluate and prioritize these threats for impact and likelihood.

5. Threat Modeling Report & Final Payment

We deliver a comprehensive report detailing identified threats, their severity, and actionable recommendations for risk mitigation. After reviewing the threats, you pay the remaining 50%.

6. Post Threat Modeling Support

If you need our help addressing some of the threats, we stay in the chat, where you can ask questions and seek advice.

Build on solid foundations and best security practices to avoid multi-day audit fixes just before the launch.

Instill confidence among investors, partners, and users by demonstrating a transparent, methodical approach to risk identification and mitigation.

Receive an easy-to-understand report that highlights problem areas and provides clear strategies to minimize your risk profile.

How Does Threat Modeling Work?

Every threat modeling engagement involves identifying critical assets, mapping possible attack vectors, and assessing likelihood and potential impact. Based on real attack scenarios, our seasoned experts look for weak points in your protocol that should be taken care of to strengthen security throughout your organization.

Threat modeling not only pinpoints vulnerabilities but also enriches your understanding of system interactions, enabling more secure code and architecture.


What’s in a Threat Modeling Report?

Our report contains a diagram and detailed analysis of your application or protocol’s potential threats, each mapped to a severity level ranging from Critical to Low. For each threat, we offer clear remediation steps and best practices for risk management.

By providing a high-level overview alongside technical detail, our reports cater to both executives and development teams.


Can’t find an answer? Contact us or follow us on Twitter.

Managing Partner & Smart Contract Security Auditor


What is Composable Security?

We are a small, elite team of smart contract auditors specializing in (re)staking, AVS, and hooks. We tailor our solutions to each client’s unique needs. We reject one-size-fits-all strategies in favor of a personalized, continually evolving service that delivers the highest level of security.

What is threat modeling?

Threat modeling is the process of identifying, classifying, and mitigating threats to your system. It focuses on finding and prioritizing potential vulnerabilities before they can be exploited, helping you develop secure foundations and maintain trust among users and investors.

How long does the threat modeling process take?

It depends on the complexity and scope of your project. Generally, threat modeling for an average project can take around one to two weeks.

How much does a threat modeling engagement cost?

Pricing varies based on factors such as the size of your project, complexity of architecture, clarity of existing documentation, and any deadlines you might have. A typical engagement may range from $5000 to $10000. We’re happy to provide a customized quote upon reviewing your requirements.

When to perform threat modeling?

Start building your first threat model as early as you can to give your project a strong security foundation. As your project grows and changes, refine and expand your model to address any new risks. Over time, this approach will evolve into a ‘fortress map’ that guides your decisions, follows proven standards, and strengthens your project’s overall security.

Why do you need threat modeling?

Threat modeling helps identify vulnerabilities and attack vectors early, strengthening security measures before deployment. In blockchain environments, where flaws can result in catastrophic financial losses, early detection and mitigation of threats are essential to maintaining user trust and ensuring long-term project success.

Video testimonials

Dean Rubin, CTO of Othentic Labs, partnered with Composable Security to conduct a thorough security review of the Rewards V2 smart contract module. The project aimed to verify the robustness of a new rewards distribution mechanism integrated with EigenLayer and ensure secure cross-chain operations across multiple Layer 2 networks.

Amadeo Brands, CEO of YieldNest, partnered with us to evaluate the security of their Max Vault integration with the Kernel protocol on BNB Chain. The goal was to ensure safe yield generation and optimize protocol robustness before launch.

Nick Velloff came to us for a security review of Braintrust, a decentralized talent network. The primary objective was to ensure the secure expansion of the Braintrust platform onto the Base network, validate integrations with third-party services such as Coinbase Onramp, and secure the wallet infrastructure used by its users.
