Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
Drupal has disclosed a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, that carries a CVSS score of 9.8. The vulnerability has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog and is being actively exploited in the wild. As of May 28, 2026, the CISA-mandated remediation deadline of May 27, 2026 has now passed — meaning any organization still running…
Quick Reference – Active Vulnerabilities and Affected Software Nx Console: CVE-2026-48027 (KEV, due June 10) TanStack: CVE-2026-45321 (KEV, due June 10) Daemon Tools Lite: CVE-2026-8398 (KEV, due May 30) LiteSpeed cPanel Plugin: CVE-2026-48172 (KEV, due May 29) Drupal Core: CVE-2026-9082 (KEV, due May 27) Joomla: CVE-2026-35221, CVE-2026-35222, CVE-2026-40383, CVE-2026-48899, CVE-2026-48904 Perl: CVE-2026-8376 WordPress Login with OTP Plugin: CVE-2026-8760 IBM Langflow OSS: CVE-2026-7524 FastNetMon Community…
Continue Reading Vulnerability Intelligence Report – May 28, 2026
QUICK REFERENCE – Active Vulnerabilities and Affected Software Cisco Catalyst SD-WAN Controller and Manager: CVE-2026-20182, CVE-2026-20127 Palo Alto Networks PAN-OS (User-ID Authentication Portal): CVE-2026-0300 cPanel and WHM: CVE-2026-41940 LiteSpeed cPanel Plugin: CVE-2026-48172 Drupal Core: CVE-2026-9082 LiteLLM Proxy: CVE-2026-42208 Linux kernel (algif_aead): CVE-2026-31431 Trend Micro Apex One (on-premise): CVE-2026-34926 Ivanti Endpoint Manager Mobile (EPMM): CVE-2026-6973 Microsoft Defender: CVE-2026-41091, CVE-2026-45498 Microsoft Exchange Server: CVE-2026-42897 Microsoft Windows…
Quick Summary This report covers the following active vulnerabilities: Ghost CMS – CVE-2026-26980: SQL injection, mass exploitation of 700+ websites KnowledgeDeliver LMS – CVE-2026-5426: ViewState deserialization zero-day, web shell deployment OpenPrinting CUPS – CVE-2026-34980 + CVE-2026-34990: Unauthenticated remote code execution to root Drupal – CVE-2026-9082: SQL injection in PostgreSQL backends, active exploitation dnsmasq – CVE-2026-4890/4891/4892/4893/5172/6507: Multiple vulnerabilities including RCE Underminr – CDN infrastructure abuse…
Continue Reading Vulnerability Intelligence Report – May 26, 2026
Threat Intelligence Brief — May 25, 2026 Coverage: May 24–25, 2026 Previous reports: May 23, 2026 | May 22, 2026 | May 21, 2026 New vulnerability entries are listed first. Items from earlier reports that carry a material update or are newly added to the CISA KEV catalog are summarised in the updates section at the bottom, with links to the original detailed entries.…
Continue Reading Vulnerability Intelligence Report — May 25, 2026
Threat Intelligence Brief — May 23, 2026 Coverage: May 22–23, 2026 | New CVEs this report: 7 | New supply chain incidents: 2 Previous reports: May 22, 2026 | May 21, 2026 This report covers new vulnerability disclosures and security incidents identified on May 22 and 23, 2026. Items that were covered in earlier reports and carry no major new information are summarised with…
Continue Reading Vulnerability Intelligence Report — May 23, 2026