Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
Overview pgAdmin 4, the most widely used open-source administration and development platform for PostgreSQL, has disclosed multiple critical vulnerabilities in a June 2026 security advisory. Used by virtually every database administrator managing PostgreSQL deployments, these flaws affect all releases prior to version 9.2. The advisory covers four CVEs: stored cross-site scripting (XSS) rated 9.3, an AI assistant security bypass rated 9.0, a cross-site request…
Actively Exploited â Information Disclosure CVE-2026-4020 is an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, actively installed on over 100,000 sites. CVSS Score: Medium | Attack Complexity: Low | Privileges Required: None Wordfence has blocked over 17 million exploitation attempts against protected customers, with a spike of 4 million requests on June 7, 2026. What Happened Threat actors are actively exploiting…
What Happened The Icarus threat actor group has significantly expanded its exploitation of the Klue OAuth token breach, pivoting from initial reconnaissance to full-scale Salesforce data theft operations. The group is compromising OAuth tokens obtained through the Klue breach to gain unauthorized access to victim organizations’ Salesforce environments. The victim list is growing as the threat actor systematically enumerates and exfiltrates data from compromised…
Continue Reading Icarus Threat Actor Expands Klue OAuth Breach with Salesforce Data Theft Attacks
Vulnerability Intelligence Report — June 20, 2026 (Saturday Edition) Coverage: June 1–20, 2026 | Total CISA KEV additions (period): 16 | New KEVs: 0 | KEV deadline TOMORROW: Splunk Enterprise (Sunday, actively exploited) | New overdue KEVs: +3 (Joomla, SolarWinds, LiteSpeed) | Total overdue KEVs: 10 Previous reports: June 19, 2026 | June 18, 2026 Today — Saturday, June 20, 2026 — is the…
Continue Reading Vulnerability Intelligence Report — June 20, 2026
CISA Known Exploited Vulnerability (KEV): Added to the CISA KEV Catalog on June 18, 2026. Action due Sunday, June 21, 2026. BOD 26-04 3-day patch mandate applies.CVE: CVE-2026-20253 | CWE: CWE-306 (Missing Authentication for Critical Function) | Vendor: Splunk | Product: Splunk Enterprise | Component: PostgreSQL sidecar service endpointWhat Is the VulnerabilitySplunk Enterprise contains a missing authentication vulnerability in a PostgreSQL sidecar service endpoint.…
Continue Reading CVE-2026-20253: Splunk Enterprise Missing Authentication Vulnerability (CISA KEV)
What Happened On or around June 18, 2026, the update mechanism for the popular ShapedPlugin family of WordPress plugins was compromised in a supply-chain attack. Threat actors gained access to the vendor’s update infrastructure, injecting malicious code into plugin updates distributed through the standard WordPress update flow. This marks the third major WordPress ecosystem supply-chain incident this period, following similar compromises of UpdraftPlus and…
Continue Reading ShapedPlugin WordPress Update Flow Compromised in Supply-Chain Attack