Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
A server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager, tracked as CVE-2026-20230, allows an unauthenticated remote attacker to write files to the underlying operating system and subsequently escalate privileges to root. Although the CVSS score is 8.6, Cisco has assigned a Critical Security Impact Rating because exploitation can result in full root-level compromise of the device. Exploit code is publicly available, and…
Acer has confirmed two maximum-severity zero-day vulnerabilities in its Wave 7 mesh routers, tracked as CVE-2026-49200 and CVE-2026-49201. Together, they enable a complete device compromise chain: CVE-2026-49200 exposes plaintext administrator and Telnet credentials through an unprotected log file, and CVE-2026-49201 provides a hardcoded AES encryption key that allows persistent backdoor injection via modified device backups. No firmware patch is currently available. Organisations must apply…
A critical PHP object injection vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento 2 / Adobe Commerce, tracked as CVE-2026-45247, allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. The vulnerability carries a CVSS score of 9.8, has been added to the CISA Known Exploited Vulnerabilities catalog with a federal agency…
Vulnerability Intelligence Report — June 4, 2026 Coverage: June 3–4, 2026 | New CISA KEV additions: 1 | New items: 5 | KEV deadlines today: 3 | KEV deadlines tomorrow: 2 | KEV deadlines June 6: 1 Previous reports: June 3, 2026 | June 2, 2026 | June 1, 2026 Today — June 4, 2026 — three CISA KEV remediation deadlines arrive for Oracle…
Continue Reading Vulnerability Intelligence Report — June 4, 2026
A high-severity vulnerability in Genetec Security Center, tracked as CVE-2026-40619, allows an attacker with local operating system privileges on the main server to access Server Admin credentials. The vulnerability was discovered by a third party hired by Genetec. There is currently no evidence of active exploitation. What Is the Vulnerability? CVE-2026-40619 is a credential exposure vulnerability in Genetec Security Center — an enterprise-grade video…
Eight vulnerabilities have been disclosed in OpenTelemetry eBPF Instrumentation, an open-source observability framework that provides eBPF-based instrumentation for the OpenTelemetry standard. The vulnerabilities span CVSS scores from 3.8 to 7.5 and include integer overflow, input validation flaws, buffer over-reads and under-reads, out-of-bounds reads, uncontrolled resource consumption, and log injection. All issues are fixed in version 0.8.0. What Are the Vulnerabilities? OpenTelemetry eBPF Instrumentation uses…