Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
EU NIS2, DORA, CRA and AI Act
NIS2 What is it: The Network and Information Security Directive (NIS2) replaces the original NIS. It aims to improve cyber security & resilience within the EU. When will it apply: Each organization within scope of NIS2 must adhere to its requirements by Q4 2024. Who is in scope: All operators of critical infrastructure and essential services in the EU. NIS2 has 15 sectors of business & industry in scope. NIS2 details: Given…
Threat Modeling Framework
The Threat Modeling Framework describes activities & components needed to perform threat modeling in a structured and systematic manner, from external factors influencing a threat model to the core threats and security requirements. It is an answer to problems with threat modeling: threat modeling is overly complex with too much jargon. Image 1: Threat Modeling Framework overview. Overview of the Threat Modeling Framework The following paragraphs explains the overview…
Why Threat Modeling is Overly Complex and How We Can Simplify It
Threat modeling can often feel complex and confusing for security professionals who are new to it. Further, it can feel extra complex to developers, management, and other important stakeholders with limited security experience. So what are the factors that make threat modeling seem complex: It’s a broad term that can include many different solutions and practices. There’s no single or one way of performing…
Continue Reading Why Threat Modeling is Overly Complex and How We Can Simplify It
Threat Modeling the Okta Attack
Okta’s customer support system was attacked, allowing the attackers to access Okta customer systems. This was possible because the Okta customer support system contained HAR files and these include customer session data. The customer session data allowed for session hijack attacks. HAR files (short for HTTP Archive) are archives of web browser sessions, including cookies and session tokens. The attacker was able to gain…
Threat Modeling the 23andMe Data Breach
23andMe was attacked, or specifically, its users were, which resulted in a major data breach affecting many of its users (potentially up to 4 million users). The data breached relates to DNA testing results and additional ancestry analysis, which relate to the ‘DNA Relatives’ feature at 23andMe. The attacker posted some of the breached data on a public forum. Sources: 23andMe notification Reuters EFF…
DREAD Threat Modeling
What is DREAD Threat Modeling DREAD threat modeling is a quantitive assessment regarding the severity of a threat, with a scaled rating assigned to risk. DREAD has five categories, consisting of Damage, Reproducibility, Exploitability, Affected Users, and Discoverability. Damage: The total damage (or impact) that a threat can cause. Reproducibility: The ease at which an attack can occur (or be replicated). Exploitability: How likely…