Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
An authentication bypass vulnerability in the Hippoo Mobile App for WooCommerce WordPress plugin, tracked as CVE-2026-10580 (CVSS 9.8), allows unauthenticated attackers to gain administrator-level access to WordPress sites. The vulnerability exists because the plugin’s permission checking function returns the same null sentinel for both administrators and unauthenticated visitors, creating a logic conflation that enables full account takeover with no credentials. What Is the Vulnerability?…
An argument injection vulnerability in ansible-core’s ansible-galaxy role install command, tracked as CVE-2026-11332 (CVSS 7.8), allows a malicious Ansible role to execute arbitrary code on the system running the installation. The vulnerability exists because dependency specifications in a role’s meta/requirements.yml file do not properly neutralise argument delimiters in the src field, enabling injection of arbitrary git configuration flags. What Is the Vulnerability? CVE-2026-11332 is…
Six privilege escalation vulnerabilities have been disclosed in the X.Org X server and Xwayland, the display server infrastructure present on virtually every Linux and Unix system with graphical capabilities. All six carry CVSS scores of 7.8 and enable local privilege escalation — potentially to root — through stack-based buffer overflows, use-after-free vulnerabilities, and out-of-bounds writes in core X server components. What Are the Vulnerabilities?…
A critical remote code execution vulnerability in the Hugging Face Transformers library, tracked as CVE-2026-4372, allows an attacker to execute arbitrary code by crafting a malicious config.json file that loads attacker-controlled code when a model is loaded. All versions of Transformers prior to 5.3.0 are affected. Transformers is the most widely used AI/ML library globally — with hundreds of millions of monthly downloads —…
Vulnerability Intelligence Report — June 6, 2026 Coverage: June 5–6, 2026 | New CISA KEV additions: 1 | New items: 5 | KEV deadlines today: 1 | KEV deadlines June 10: 2 Previous reports: June 5, 2026 | June 4, 2026 | June 3, 2026 Today — June 6, 2026 — the CISA KEV deadline for Mirasvit (Magento/Adobe Commerce) arrives. A critical remote code…
Continue Reading Vulnerability Intelligence Report — June 6, 2026
Two vulnerabilities in Microsoft Copilot have been disclosed: an injection vulnerability in Copilot Chat for Microsoft Edge (CVE-2026-47644, CVSS 6.5) and a command injection vulnerability in Microsoft Copilot (CVE-2026-45497, CVSS 7.7). Both allow an authorised attacker to execute code or disclose information over a network. What Are the Vulnerabilities? CVE-2026-47644 — Copilot Chat Injection (CVSS 6.5, CWE-74): An improper neutralisation of special elements in…