Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
The FortiBleed campaign has taken a dangerous turn. Initially documented as a passive exploitation vector leveraging the CVE-2022-40684 authentication bypass to exfiltrate FortiGate configuration files and VPN credentials from memory dumps, the threat actor has now escalated to active credential interception. New evidence reveals that the attackers deployed a custom-built network sniffer directly on compromised FortiGate appliances, transforming the operation from opportunistic data harvesting…
Continue Reading FortiBleed Campaign Used Custom FortiGate Sniffer to Intercept VPN Credentials
What Happened Security researchers have identified a critical code execution vulnerability (CVE-2026-XXXXX, CVSS 9.8) in Microsoft AutoGen Studio, the open-source multi-agent AI framework maintained by Microsoft Research. The flaw resides in AutoGen Studio’s agent sandbox mechanism, which fails to properly isolate Python code executed by AI agents during multi-agent workflows. AutoGen Studio allows users to define multi-agent conversations where LLM-powered agents generate and execute…
What HappenedA critical heap-based buffer overflow vulnerability—dubbed PixelSmash—has been discovered in FFmpeg’s core video decoder pipeline. The flaw resides in the pixel format conversion and scaling subsystem, where specially crafted video frames can trigger an out-of-bounds write during decode. Exploitation requires only that a victim process a malicious video file or stream; no user interaction beyond that is needed. The vulnerability has been assigned…
Vulnerability Intelligence Report — June 23, 2026 Coverage: June 1–23, 2026 | Total CISA KEV additions (period): 16 | New KEVs: 0 | KEV deadlines TODAY: TRIPLE (Chromium V8, Arista EOS, Cisco SD-WAN) | LiteLLM deadline passed (June 22) | Next KEV: Cisco SD-WAN CVE-2026-20262 (June 29) | Total overdue KEVs: 12 Previous reports: June 22, 2026 | June 21, 2026 Today — Tuesday,…
Continue Reading Vulnerability Intelligence Report — June 23, 2026
Note: This advisory covers 5 newly disclosed LiteLLM CVEs. For the CISA KEV CVE-2026-42271 (command injection, due TODAY June 22), see our dedicated CVE-2026-42271 advisory.BerriAI LiteLLM, the widely deployed open-source LLM gateway, has disclosed five additional vulnerabilities covering authentication bypass, API key exposure, and authorization weaknesses. These were disclosed over the weekend of June 21-22 and should be addressed alongside today’s CISA KEV deadline…
Vulnerability Intelligence Report — June 22, 2026 Coverage: June 1–22, 2026 | Total CISA KEV additions (period): 16 | New KEVs: 0 | KEV deadline TODAY: BerriAI LiteLLM | KEV deadlines TOMORROW: Triple (Chromium V8, Arista EOS, Cisco SD-WAN) | Splunk deadline passed (June 21) | Total overdue KEVs: 11 Previous reports: June 21, 2026 | June 20, 2026 Today — Monday, June 22,…
Continue Reading Vulnerability Intelligence Report — June 22, 2026