TLCTC Reference SDLC Architectures

Official reference JSON models for the TLCTC SDLC Threat Modeling App. Download these templates to bootstrap your threat modeling process with pre-configured components and threat mappings.

Schema Version: 2.0 - Documentation
Verified
OAuth/OIDC IdP Integration

IdP

Typical authentication topology for a SaaS application integrating with an external Identity Provider (e.g., Google) using OAuth 2.0 / OpenID Connect.

Components: 5 Interfaces: 3
Typical OAuth/OIDC flow with Google IdP integration
Healthcare

Healthcare Patient Portal

HIPAA-compliant patient portal with EHR integration, patient mobile app, and third-party lab results. Demonstrates PHI protection and healthcare-specific threats.

Components: 10 Interfaces: 4
Features: FHIR, Epic EHR, Azure AD B2C
SaaS

Multi-Tenant SaaS Platform

B2B SaaS platform with tenant isolation, SSO integration, and usage-based billing. Demonstrates multi-tenancy security boundaries and OAuth flows.

Components: 12 Interfaces: 3
Features: Okta SSO, Stripe, RabbitMQ
FinTech

Financial Trading Platform

High-frequency trading system with market data feeds, order execution, and regulatory reporting. Emphasizes real-time threats (VC-4) and financial data integrity.

Components: 8 Interfaces: 2
Features: FIX Protocol, FPGA, Reuters
Enterprise

Corporate Network Infrastructure

Enterprise network with Active Directory, VPN, endpoint management, and cloud hybrid connectivity. Demonstrates bridge cluster threats (#8, #9) and lateral movement.

Components: 10 Interfaces: 3
Features: AD, VPN, Entra ID, SIEM
Banking

Mobile Banking Application

Consumer mobile banking with biometrics, card controls, payments, and fraud detection. Demonstrates PCI-DSS considerations and mobile-specific threats.

Components: 11 Interfaces: 4
Features: Biometrics, Fraud ML, Visa/MC

Need Everything?

Download all 6 reference architectures in a single zip archive for offline analysis.