Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
Cybersecurity Risk Assessment Template: A Comprehensive Guide
A cybersecurity risk assessment template is a repeatable blueprint that guides organizations through the systematic identification, analysis, and treatment of cyber‑related threats to their most valuable information assets. A well‑designed template shortens ramp‑up time for teams, embeds best practices into daily operations, and yields documented evidence for auditors, insurers, and executive leadership. This article explains why you need such a template, what elements it must contain, how to tailor it…
Continue Reading Cybersecurity Risk Assessment Template: A Comprehensive Guide
How Threat Modeling Helps with Penetration Testing Scoping
In this article, we’ll answer how threat modeling helps with penetration testing scoping (and the intake process related to pen testing). Threat modeling is a practical, repeatable process that can make many other security activities easier and more effective, including penetration testing. Threat modeling can help identify what should be included in a penetration test and why. It’s a bit like planning your journey…
Continue Reading How Threat Modeling Helps with Penetration Testing Scoping
The Growth of Threat Modeling Tooling
In this article we’ll talk about the growth of threat modeling tooling. Think about building a new house. You wouldn’t dream of waiting until the very end to put in a good foundation, thick walls, good locks or smoke detectors, right? Well, the same idea holds true for creating software these days. Cyber threats are getting trickier and more persistent, so companies are realizing…
How Threat Modeling can Help with Vulnerability Management
In this article, we’ll explore how threat modeling can help with vulnerability management. We’ll also add an example with a diagram. I also wrote an article about threat modeling versus vulnerability management. It outlines the similarities & differences between the two. This is roughly how vulnerability management works in large enterprise companies (with some over-simplification & exaggeration): Build a (software and infrastructure) project to…
Continue Reading How Threat Modeling can Help with Vulnerability Management
Ultimate Threat Modeling Example using Multiple Methods
In this article, we’ll provide the ultimate threat modeling example using multiple methods, including Data Flow Diagrams, Attack Trees, and STRIDE. This approach allows us to use many different threat modeling methods to gain (additional) insights into a real-world example. The main question we’re asking ourselves is: Will the use of multiple threat modeling methods & diagrams help with our overall threat modeling activities?…
Continue Reading Ultimate Threat Modeling Example using Multiple Methods
NIST Cyber Security Framework (CSF) 2.0
NIST Cyber Security Framework (CSF) 2.0 is a comprehensive framework that describes how cyber security should be organized and implemented to secure an organization from cyber risks. It is widely used and therefore a well-known standard within the industry. NIST CSF was initially released in 2014, and the NIST CSF 2.0 update was released in February 2024. NIST CSF 2.0 is a major update from the prior version…