Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
CVEs: CVE-2026-9780 through CVE-2026-9787, plus CVE-2026-7569 and CVE-2026-7570 | CVSS 3.1: 8.8 (HIGH) for all 8 CVEs | Vendor: Quest | Product: NetVault Backup What Is the Vulnerability Quest NetVault Backup contains 8 vulnerabilities that can be chained together to achieve unauthenticated remote code execution on the backup server. The attack chain combines SQL injection vulnerabilities across multiple NetVault components with cross-site scripting (XSS)-based…
Version: cURL 8.21.0 | Vulnerabilities Patched: 18 (record) | Oldest Flaw: CVE-2026-8932 (25 years, since curl 7.7, March 2001) | Severity Range: Low to Medium | Install Base: 20+ billion devices | Vendor: cURL / Daniel Stenberg What Happened cURL maintainer Daniel Stenberg released version 8.21.0 patching a record 18 vulnerabilities — the most ever fixed in a single cURL release. The previous record…
CVE: CVE-2026-40079 | CVSS: 9.8 | Vendor: Cacti | Product: Cacti Network Monitoring What Is the Vulnerability CVE-2026-40079 is a command injection vulnerability (CWE-88) in Cacti, the widely deployed open-source network monitoring and graphing tool. It carries the maximum severity CVSS score of 9.8 — network-exploitable, no authentication required, no user interaction, low attack complexity, and full confidentiality, integrity, and availability impact. The root…
CISA Known Exploited Vulnerability (KEV): Added to the CISA KEV Catalog on June 25, 2026. Action due June 28, 2026. BOD 26-04 3-day patch mandate applies. CVE: CVE-2026-12569 | CVSS: 9.1 | Vendor: PTC | Product: Windchill, FlexPLM, Creo Parametric Server (CPS) What Is the Vulnerability CVE-2026-12569 is a deserialization of untrusted data vulnerability (CWE-502) in PTC Windchill, FlexPLM, and Creo Parametric Server (CPS)…
Vulnerability Intelligence Report — June 26, 2026 Coverage: June 1–26, 2026 | Total CISA KEV additions (period): 22 | New KEVs: 2 (Cisco UCM, PTC Windchill/FlexPLM) | KEV deadline TODAY: QUADRUPLE (Ubiquiti UniFi OS x3 + Lantronix EDS5000 — all BOD 26-04) | Next KEV: Cisco SD-WAN CVE-2026-20262 (June 29) + 2 new due June 28 | Total overdue KEVs: 19 (quadruple deadline passes…
Continue Reading Vulnerability Intelligence Report — June 26, 2026
CVE: CVE-2026-13021 through CVE-2026-13030 (10 CVEs) | Highest CVSS 3.1: 9.6 (CRITICAL) — CVE-2026-13028 | Vendor: Google | Product: Chrome 149.0.7827.197 | Platforms: Windows, Mac, Linux, Android What Is the Vulnerability Google released Chrome 149.0.7827.197 on June 24, 2026, patching 10 security vulnerabilities. The most severe is CVE-2026-13028, a critical WebGL use-after-free vulnerability rated CVSS 9.6 that enables remote code execution on Android devices.…