Threat Modeling and Security by Design

Threat modeling tooling: Use our tool to start threat modeling within minutes.

Solve your threat modeling problems: We can help you to implement threat modeling and security by design.

Learn about threat modeling: We have lots of content to teach you about threat modeling.

View Articles

Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale

It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.

  • Powerful assessment engine to understand potential threats and security weakness.
  • Flexible Diagram engine to visualize components and communication flows in play.
  • Clear reporting and metrics for compliance demonstration.

Try our threat modeling tool and get started within minutes!

Methods

Learn about the various threat modeling methods such as STRIDE, PASTA, LINDDUN, and Persona non Grata.

Tooling

We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.

Templates

Templates can help to kickstart the process. We have lots of free templates available.

Examples

We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.

Threat Modeling ARTICLES

Threat Modeling Tooling

Threat Modeling Tool

Explanation of the Threat Modeling Tool

Automated Threat Modeling

STRIDE Threat Modeling

STRIDE Threat Modeling

The Ultimate List of STRIDE Threat Examples

STRIDE Threat Modeling Example for Better Understanding and Learning

STRIDE Threat Modeling in DevOps: A Perfect Fit

What is STRIDE Threat Modeling

How to STRIDE Threat Model

STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)

The Advantages of Using a Threat Modeling Tool for STRIDE

Threat Modeling

Threat Modeling

Threat Modeling Methods

What is Threat Modeling

Threat Modeling and DevOps

How to use Data Flow Diagrams in Threat Modeling

Threat Modeling Versus Vulnerability Management

CAPEC Threat Modeling

CAPEC Threat Modeling

Threat Modeling Framework

Threat Modeling Framework

Why Threat Modeling is Overly Complex and How We Can Simplify It

CIS Controls

CIS Controls (CIS Critical Security Controls)

OWASP Top 10

OWASP Top 10 2025

PASTA Threat Modeling

PASTA Threat Modeling

PASTA Threat Modeling and DevOps

A PASTA Threat Modeling Example

TRIKE Threat Modeling

Trike Threat Modeling

NIST

NIST CSF v1.1

LINDDUN Threat Modeling

LINDDUN Threat modeling

DREAD Threat Modeling

DREAD Threat Modeling

CISO Security Mind Map

CISO Security Mind Map 2025

CISO Security Mind Map 2026

AI Security

Adding AI to Applications: What You Need to Know for Safety and Security

Genetec Security Center Credential Exposure (CVE-2026-40619): Local Attacker Can Access Server Admin Credentials

A high-severity vulnerability in Genetec Security Center, tracked as CVE-2026-40619, allows an attacker with local operating system privileges on the main server to access Server Admin credentials. The vulnerability was discovered by a third party hired by Genetec. There is currently no evidence of active exploitation. What Is the Vulnerability? CVE-2026-40619 is a credential exposure vulnerability in Genetec Security Center — an enterprise-grade video…

Continue Reading Genetec Security Center Credential Exposure (CVE-2026-40619): Local Attacker Can Access Server Admin Credentials

OpenTelemetry eBPF Instrumentation Vulnerabilities (CVE-2026-45679 through CVE-2026-45686): Multiple Security Issues in Observability Framework

Eight vulnerabilities have been disclosed in OpenTelemetry eBPF Instrumentation, an open-source observability framework that provides eBPF-based instrumentation for the OpenTelemetry standard. The vulnerabilities span CVSS scores from 3.8 to 7.5 and include integer overflow, input validation flaws, buffer over-reads and under-reads, out-of-bounds reads, uncontrolled resource consumption, and log injection. All issues are fixed in version 0.8.0. What Are the Vulnerabilities? OpenTelemetry eBPF Instrumentation uses…

Continue Reading OpenTelemetry eBPF Instrumentation Vulnerabilities (CVE-2026-45679 through CVE-2026-45686): Multiple Security Issues in Observability Framework

NiceGUI Static Asset Information Disclosure (CVE-2026-45554): Uncaught Exception in FastAPI Routes

A vulnerability in NiceGUI, a Python-based UI framework, tracked as CVE-2026-45554, could allow attackers to trigger uncaught exceptions through two FastAPI routes that serve per-component static assets. The vulnerability carries a CVSS score of 5.3 and affects NiceGUI versions prior to 3.12.0. What Is the Vulnerability? CVE-2026-45554 is an uncaught exception vulnerability in two FastAPI routes within NiceGUI that handle per-component static asset serving.…

Continue Reading NiceGUI Static Asset Information Disclosure (CVE-2026-45554): Uncaught Exception in FastAPI Routes

OpenMed Remote Code Execution (CVE-2026-47117): Malicious Hugging Face Models via PII Privacy Filter

A critical remote code execution vulnerability in OpenMed, tracked as CVE-2026-47117, allows attackers to achieve arbitrary code execution by manipulating the PII privacy-filter model loading path. The vulnerability carries a CVSS score of 9.8 and affects OpenMed versions prior to 1.5.2. An attacker can supply a specially crafted model name that routes through a path loading Hugging Face models with trust_remote_code enabled, resulting in…

Continue Reading OpenMed Remote Code Execution (CVE-2026-47117): Malicious Hugging Face Models via PII Privacy Filter

elixir-mint HTTP/2 Denial of Service (CVE-2026-48862): Uncontrolled Resource Consumption via Attacker-Controlled HTTP/2 Frames

A resource exhaustion vulnerability in the elixir-mint HTTP client library, tracked as CVE-2026-48862, allows remote attackers to cause denial of service by sending attacker-controlled HTTP/2 frames that trigger uncontrolled resource consumption. The vulnerability carries a CVSS score of 8.2 and affects the mint library used by Elixir applications for HTTP client connections. What Is the Vulnerability? CVE-2026-48862 is an allocation of resources without limits…

Continue Reading elixir-mint HTTP/2 Denial of Service (CVE-2026-48862): Uncontrolled Resource Consumption via Attacker-Controlled HTTP/2 Frames

Devolutions Server Improper Access Control (CVE-2026-9590): Authenticated Users Can Modify Assets Without Permission

An improper access control vulnerability in Devolutions Server, tracked as CVE-2026-9590, allows authenticated users with entry edit privileges to modify asset information without the required authorisation. The vulnerability carries a CVSS score of 5.3 and affects Devolutions Server versions up to 2026.1.19. The fix is available in version 2026.1.20.0. What Is the Vulnerability? CVE-2026-9590 is an improper access control vulnerability in the permission validation…

Continue Reading Devolutions Server Improper Access Control (CVE-2026-9590): Authenticated Users Can Modify Assets Without Permission

Threat Modeling and Security by Design

Threat modeling and Security by Design methods, tools, and approaches to help secure your business and IT landscape.

Terms of Service | Privacy Policy

AI chatbot & help center by 99helpers.com

Threat Modeling
Threat Modeling Tool
Threat Modeling Tool Explainer
What is Threat Modeling?
STRIDE Threat Modeling
PASTA Threat Modeling
Automated Threat Modeling
Threat Modeling Framework
CISO Security Mind Map 2026
CIS Controls
OWASP Top 10

© Threat-Modeling.com