Threat Modeling and Security by Design

Threat modeling tooling: Use our tool to start threat modeling within minutes.

Solve your threat modeling problems: We can help you to implement threat modeling and security by design.

Learn about threat modeling: We have lots of content to teach you about threat modeling.

View Articles

Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale

It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.

  • Powerful assessment engine to understand potential threats and security weakness.
  • Flexible Diagram engine to visualize components and communication flows in play.
  • Clear reporting and metrics for compliance demonstration.

Try our threat modeling tool and get started within minutes!

Methods

Learn about the various threat modeling methods such as STRIDE, PASTA, LINDDUN, and Persona non Grata.

Tooling

We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.

Templates

Templates can help to kickstart the process. We have lots of free templates available.

Examples

We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.

Threat Modeling ARTICLES

Threat Modeling Tooling

Threat Modeling Tool

Explanation of the Threat Modeling Tool

Automated Threat Modeling

STRIDE Threat Modeling

STRIDE Threat Modeling

The Ultimate List of STRIDE Threat Examples

STRIDE Threat Modeling Example for Better Understanding and Learning

STRIDE Threat Modeling in DevOps: A Perfect Fit

What is STRIDE Threat Modeling

How to STRIDE Threat Model

STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)

The Advantages of Using a Threat Modeling Tool for STRIDE

Threat Modeling

Threat Modeling

Threat Modeling Methods

What is Threat Modeling

Threat Modeling and DevOps

How to use Data Flow Diagrams in Threat Modeling

Threat Modeling Versus Vulnerability Management

CAPEC Threat Modeling

CAPEC Threat Modeling

Threat Modeling Framework

Threat Modeling Framework

Why Threat Modeling is Overly Complex and How We Can Simplify It

CIS Controls

CIS Controls (CIS Critical Security Controls)

OWASP Top 10

OWASP Top 10 2025

PASTA Threat Modeling

PASTA Threat Modeling

PASTA Threat Modeling and DevOps

A PASTA Threat Modeling Example

TRIKE Threat Modeling

Trike Threat Modeling

NIST

NIST CSF v1.1

LINDDUN Threat Modeling

LINDDUN Threat modeling

DREAD Threat Modeling

DREAD Threat Modeling

CISO Security Mind Map

CISO Security Mind Map 2025

CISO Security Mind Map 2026

AI Security

Adding AI to Applications: What You Need to Know for Safety and Security

CVE-2026-13500: ANTLR4 Code Injection in Grammar Action Block Handler — Developer Toolchain Supply Chain Vulnerability (CVSS 7.3)

CVE: CVE-2026-13500 | CVSS 3.1: 7.3 (HIGH) | CWE: Code Injection | Vendor: ANTLR / Terence Parr | Product: ANTLR4 through version 4.13.2 | Component: Grammar Action Block Handler (OutputFile.java) What Is the Vulnerability ANTLR4 (ANother Tool for Language Recognition) is one of the most widely used parser generators in software development. It converts grammar definitions — formal descriptions of language syntax — into…

Continue Reading CVE-2026-13500: ANTLR4 Code Injection in Grammar Action Block Handler — Developer Toolchain Supply Chain Vulnerability (CVSS 7.3)

Vulnerability Intelligence Report — June 29, 2026

Vulnerability Intelligence Report — June 29, 2026 Coverage: June 1–29, 2026 | Total CISA KEV additions (period): 22 | New KEVs: 0 | KEV deadline TODAY: Cisco SD-WAN CVE-2026-20262 — THE FINAL ACTIVE KEV DEADLINE | After today: KEV calendar CLEARS — zero active deadlines remaining | Total overdue KEVs: 27 Previous reports: June 28, 2026 | June 27, 2026 Monday, June 29, 2026…

Continue Reading Vulnerability Intelligence Report — June 29, 2026

Vulnerability Roundup: FFmpeg RASC Decoder Out-of-Bounds Write (CVE-2026-58049), RustDesk Session Permission Bypass (CVE-2026-58056), libssh2 Integer Overflow (CVE-2026-58050)

CVEs: CVE-2026-58049 (FFmpeg, CVSS 8.6), CVE-2026-58056 (RustDesk, CVSS 7.6), CVE-2026-58050 (libssh2, CVSS 7.0) | Date: June 28, 2026 FFmpeg CVE-2026-58049 — RASC Video Decoder Out-of-Bounds Write (CVSS 8.6) Software affected: FFmpeg — the near-universal multimedia framework. RASC video decoder (libavcodec/rasc.c). CVE: CVE-2026-58049 | CVSS 8.6 (HIGH) | CWE-787 Out-of-bounds Write. The RASC decoder’s decode_dlta function performs 32-bit reads and writes at the row cursor…

Continue Reading Vulnerability Roundup: FFmpeg RASC Decoder Out-of-Bounds Write (CVE-2026-58049), RustDesk Session Permission Bypass (CVE-2026-58056), libssh2 Integer Overflow (CVE-2026-58050)

Microsoft Secure Boot Certificate Expiry: KEK CA 2011 and UEFI CA 2011 Expired — Billions of PCs and Linux Distributions Affected

Operational Advisory — Not a Security Vulnerability. This is a certificate expiry event with global operational impact. No patch is required — UEFI firmware updates from device manufacturers are the remediation path. Certificates Expired: Microsoft Corporation KEK CA 2011 (June 24, 2026) + Microsoft UEFI CA 2011 (June 27, 2026) | Impact: Billions of PCs, all x86 devices since Windows 8 (2012), Linux distributions…

Continue Reading Microsoft Secure Boot Certificate Expiry: KEK CA 2011 and UEFI CA 2011 Expired — Billions of PCs and Linux Distributions Affected

CVE-2026-58053: Gitea act_runner Container Escape via Workflow Container Options — Docker Backend Bypass (CVSS 9.9)

CVE: CVE-2026-58053 | CVSS 3.1: 9.9 (CRITICAL) | CWE: CWE-269 Improper Privilege Management | Vendor: Gitea | Product: act_runner (CI/CD runner) with Docker backend through act 0.262.0 What Is the Vulnerability Gitea act_runner is the CI/CD pipeline execution engine for Gitea — a popular self-hosted Git platform. The Docker backend for act_runner passes a workflow’s container.options string directly to the Docker job container’s HostConfig…

Continue Reading CVE-2026-58053: Gitea act_runner Container Escape via Workflow Container Options — Docker Backend Bypass (CVSS 9.9)

Vulnerability Intelligence Report — June 28, 2026

Vulnerability Intelligence Report — June 28, 2026 Coverage: June 1–28, 2026 | Total CISA KEV additions (period): 22 | New KEVs: 0 | KEV deadline TODAY: DOUBLE (PTC Windchill + Cisco UCM, both actively exploited) | KEV deadline TOMORROW: Cisco SD-WAN — LAST active deadline of the period | Total overdue KEVs: 25 Previous reports: June 27, 2026 | June 26, 2026 Sunday, June…

Continue Reading Vulnerability Intelligence Report — June 28, 2026

Threat Modeling and Security by Design

Threat modeling and Security by Design methods, tools, and approaches to help secure your business and IT landscape.

Terms of Service | Privacy Policy

AI chatbot & help center by 99helpers.com

Threat Modeling
Threat Modeling Tool
Threat Modeling Tool Explainer
What is Threat Modeling?
STRIDE Threat Modeling
PASTA Threat Modeling
Automated Threat Modeling
Threat Modeling Framework
CISO Security Mind Map 2026
CIS Controls
OWASP Top 10

© Threat-Modeling.com