Threat Modeling and Security by Design

Threat modeling tooling: Use our tool to start threat modeling within minutes.

Solve your threat modeling problems: We can help you to implement threat modeling and security by design.

Learn about threat modeling: We have lots of content to teach you about threat modeling.

Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale

It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.

  • Powerful assessment engine to understand potential threats and security weakness.
  • Flexible Diagram engine to visualize components and communication flows in play.
  • Clear reporting and metrics for compliance demonstration.

Try our threat modeling tool and get started within minutes!

Methods

Learn about the various threat modeling methods such as STRIDE, PASTA, LINDDUN, and Persona non Grata.

Tooling

We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.

Templates

Templates can help to kickstart the process. We have lots of free templates available.

Examples

We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.

How Threat Modeling can Help with Vulnerability Management

In this article, we’ll explore how threat modeling can help with vulnerability management. We’ll also add an example with a diagram. I also wrote an article about threat modeling versus vulnerability management. It outlines the similarities & differences between the two. This is roughly how vulnerability management works in large enterprise companies (with some over-simplification & exaggeration): Build a (software and infrastructure) project to…

Continue Reading How Threat Modeling can Help with Vulnerability Management

Ultimate Threat Modeling Example using Multiple Methods

In this article, we’ll provide the ultimate threat modeling example using multiple methods, including Data Flow Diagrams, Attack Trees, and STRIDE. This approach allows us to use many different threat modeling methods to gain (additional) insights into a real-world example. The main question we’re asking ourselves is: Will the use of multiple threat modeling methods & diagrams help with our overall threat modeling activities?…

Continue Reading Ultimate Threat Modeling Example using Multiple Methods

NIST Cyber Security Framework (CSF) 2.0

NIST Cyber Security Framework (CSF) 2.0 is a comprehensive framework that describes how cyber security should be organized and implemented to secure an organization from cyber risks. It is widely used and therefore a well-known standard within the industry. NIST CSF was initially released in 2014, and the NIST CSF 2.0 update was released in February 2024. NIST CSF 2.0 is a major update from the prior version…

Continue Reading NIST Cyber Security Framework (CSF) 2.0

Attack Trees Threat Modeling

Attack trees threat modeling is a method that can be used for threat modeling. Attack trees can provide a helpful overview of potential attacks and attack types that can impact your threat modeling subject. As the name would suggest, an attack tree is a tree of (potential) attacks divided in branches. It starts at a main or master node, and has branches from it.…

Continue Reading Attack Trees Threat Modeling

EU NIS2 Directive

The digital landscape is vast and continually evolving, prompting the need for comprehensive security measures. With the rise in cyber threats, the European Union (EU) has pushed for stronger cybersecurity directives, most notably the Network and Information Systems 2 (NIS2) Directive. This article delves into the EU NIS2 Directive, its distinction from the original NIS, and who it impacts. Understanding regulations and legislation is crucial…

Continue Reading EU NIS2 Directive

EU NIS2, DORA, CRA and AI Act

Network and Information Security Directive (NIS2) What is it: The Network and Information Security Directive (NIS2) replaces the original NIS. It aims to improve cyber security & resilience within the EU. When will it apply: Each organization within scope of NIS2 must adhere to its requirements by Q4 2024. Who is in scope: All operators of critical infrastructure and essential services in the EU. NIS2 has 15 sectors of business & industry…

Continue Reading EU NIS2, DORA, CRA and AI Act