Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
A critical privilege escalation vulnerability in the Kirki — Freeform Page Builder plugin for WordPress, tracked as CVE-2026-8206, allows unauthenticated attackers to take over any registered user account — including administrators — by supplying their own email address in a password reset request. The vulnerability carries a CVSS score of 9.8 and affects versions 6.0.0 through 6.0.6. The attack is trivially executable: a single…
IBM has disclosed three critical vulnerabilities in IBM WebSphere Application Server versions 8.5 and 9.0, tracked as CVE-2026-8644, CVE-2026-9311, and CVE-2026-9319. The vulnerabilities include identity spoofing (CVSS 9.1) and two remote code execution vectors (both CVSS 9.0) via security control bypass and JAX-WS deserialization. Organisations running WebSphere Application Server in production should apply all three fixes in a single coordinated maintenance window. What Are…
A hardcoded credentials vulnerability in Apache Solr, tracked as CVE-2026-44825, causes the Basic Authentication setup tool to silently install additional administrator accounts with publicly known default credentials alongside user-specified accounts. The vulnerability affects Apache Solr versions 9.4.0 through 10.0.0 and carries a CVSS score of 8.1. Any organisation that has used the Basic Authentication setup tool on a production Solr instance should immediately check…
Oracle WebLogic Server contains a vulnerability, tracked as CVE-2024-21182, that allows unauthenticated attackers with network access via the T3 and IIOP protocols to compromise the server and gain access to critical data. The vulnerability was originally patched in the July 2024 Oracle Critical Patch Update, but CISA has now added it to the Known Exploited Vulnerabilities (KEV) catalog on June 1, 2026 — nearly…
A critical memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway, tracked as CVE-2026-3055, allows unauthenticated remote code execution when the appliance is configured as a SAML Identity Provider. The vulnerability carries a CVSS score of 9.8 and large-scale active exploitation has been confirmed by Fortinet’s threat intelligence team. Organisations running NetScaler appliances with SAML IDP functionality enabled are at immediate risk. What…
A critical stack-based buffer overflow vulnerability in the Windows Netlogon service, tracked as CVE-2026-41089, allows unauthenticated attackers to execute arbitrary code over the network on all supported versions of Windows Server. The vulnerability carries a CVSS score of 9.8 and affects every domain-joined Windows Server from 2012 through 2025. The Belgian government’s Centre for Cybersecurity (CCB) has issued an urgent warning about active exploitation,…