Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
A command injection vulnerability in BerriAI LiteLLM, tracked as CVE-2026-42271, allows any authenticated user — including holders of low-privilege internal-user API keys — to execute arbitrary operating system commands on the host. CISA added this vulnerability to the Known Exploited Vulnerabilities catalog on June 8, 2026 with a federal agency remediation deadline of June 22, 2026. What Is the Vulnerability? CVE-2026-42271 is a command…
An improper authentication vulnerability in Check Point Security Gateway’s IKEv1 key exchange, tracked as CVE-2026-50751, allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without valid credentials. CISA added this vulnerability to the Known Exploited Vulnerabilities catalog on June 8, 2026 with a federal agency remediation deadline of June 11, 2026 — just three days from the…
Vulnerability Intelligence Report — June 9, 2026 Coverage: June 8–9, 2026 | New CISA KEV additions: 2 | New items: 2 | KEV deadlines today: 0 | KEV deadlines this week: 4 Previous reports: June 8, 2026 | June 7, 2026 Today — June 9, 2026 — the OpenSSL security update arrives. CISA added two new entries to the Known Exploited Vulnerabilities catalog: Check…
Continue Reading Vulnerability Intelligence Report — June 9, 2026
An integer underflow vulnerability in Comodo Internet Security’s firewall driver Inspect.sys, tracked as CVE-2026-49494 (CVSS 7.5), allows crafted IPv6 packets to trigger unexpected behaviour in the kernel-level firewall driver. The vulnerability exists in the IPv6 packet parser and a proof-of-concept named “ComoDoS” has been published. What Is the Vulnerability? CVE-2026-49494 is an integer underflow vulnerability (CWE-191) in Comodo Internet Security’s firewall driver Inspect.sys. The…
Vulnerability Intelligence Report — June 8, 2026 Coverage: June 7–8, 2026 | New CISA KEV additions: 0 | New items: 1 | KEV deadline tomorrow (OpenSSL): 1 | KEV deadline June 10: 2 Previous reports: June 7, 2026 | June 6, 2026 The threat landscape is relatively quiet today — no new CISA KEV entries, no new actively exploited vulnerabilities. Attention turns to tomorrow:…
Continue Reading Vulnerability Intelligence Report — June 8, 2026
An arbitrary file upload vulnerability in the MDJM Event Management WordPress plugin, tracked as CVE-2026-7537 (CVSS 7.2), allows authenticated attackers with administrator access to upload arbitrary files — including PHP webshells — to the server. All versions up to and including 1.7.8.3 are affected. What Is the Vulnerability? CVE-2026-7537 is an unrestricted file upload vulnerability (CWE-434) in the mdjm_send_comm_email function. The function performs no…