Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
Coverage Period: June 1–12, 2026 Report Date: June 12, 2026 Vulnerabilities Tracked: 47 New CISA KEV Additions: 11 Critical/High Severity: 23 Actively Exploited (KEV + Reports): 8 Previous Report: June 1, 2026 Quick Reference CVE-2026-10520 — Ivanti Sentry OS Command Injection (KEV, due Jun 14, max severity, exploited) CVE-2026-35273 — Oracle PeopleSoft Zero-Day RCE (KEV candidate, ShinyHunters exploitation) CVE-2026-50751 — Check Point Security Gateway…
Continue Reading Vulnerability Intelligence Report — June 12, 2026
CISA Known Exploited Vulnerability (KEV): This vulnerability has been added to the CISA Known Exploited Vulnerabilities Catalog on 2026-05-27 with a required action date of 2026-06-10. It is actively exploited in the wild. CISA notes known ransomware campaign use. CVE ID: CVE-2026-48027 Vendor: Nx (Nrwl) Product: Nx Console (VS Code Extension) CVSS v3.1: 9.8 (CRITICAL) — AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v4.0: 9.3 (CRITICAL) CWE: CWE-506 (Embedded…
Continue Reading CVE-2026-48027: Nx Console Embedded Malicious Code Vulnerability (CISA KEV)
CISA Known Exploited Vulnerability (KEV): This vulnerability has been added to the CISA Known Exploited Vulnerabilities Catalog on 2026-05-29 with a required action date of 2026-06-01. It is actively exploited in the wild. CVE ID: CVE-2026-0257 Vendor: Palo Alto Networks Product: PAN-OS CVSS v3.1: 9.1 (CRITICAL) — AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS v4.0: 7.8 (HIGH) CWE: CWE-565 What Is the Vulnerability Palo Alto Networks PAN-OS contains an…
Critical vulnerabilities in Ivanti Sentry (formerly MobileIron Sentry) enable remote attackers to take over affected gateway appliances. Ivanti Sentry serves as the secure gateway between mobile devices and enterprise backend resources — it enforces access policies for email, documents, and internal applications accessed from smartphones and tablets. What Is the Vulnerability? Multiple critical vulnerabilities have been disclosed in Ivanti Sentry, the gateway appliance that…
A critical remote code execution vulnerability in Veeam Backup & Replication allows attackers to execute arbitrary code on backup servers. Veeam is the most widely deployed enterprise backup and recovery platform — it protects the data of hundreds of thousands of organisations globally. Backup servers are the last line of defence against ransomware: a compromised backup server gives attackers the ability to destroy or…
Vulnerability Intelligence Report — June 11, 2026 Coverage: June 10–11, 2026 | New CISA KEV additions: 0 | KEV deadlines today: 1 | Patch Tuesday deployment ongoing Previous reports: June 10, 2026 | June 9, 2026 Today — June 11, 2026 — is the CISA KEV remediation deadline for Check Point Security Gateway (CVE-2026-50751). The Dutch NCSC warned yesterday of expected large-scale abuse, and…
Continue Reading Vulnerability Intelligence Report — June 11, 2026