Threat Modeling and Security by Design

Threat modeling tooling: Use our tool to start threat modeling within minutes.

Solve your threat modeling problems: We can help you to implement threat modeling and security by design.

Learn about threat modeling: We have lots of content to teach you about threat modeling.

View Articles

Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale

It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.

  • Powerful assessment engine to understand potential threats and security weakness.
  • Flexible Diagram engine to visualize components and communication flows in play.
  • Clear reporting and metrics for compliance demonstration.

Try our threat modeling tool and get started within minutes!

Methods

Learn about the various threat modeling methods such as STRIDE, PASTA, LINDDUN, and Persona non Grata.

Tooling

We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.

Templates

Templates can help to kickstart the process. We have lots of free templates available.

Examples

We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.

Threat Modeling ARTICLES

Threat Modeling Tooling

Threat Modeling Tool

Explanation of the Threat Modeling Tool

Automated Threat Modeling

STRIDE Threat Modeling

STRIDE Threat Modeling

The Ultimate List of STRIDE Threat Examples

STRIDE Threat Modeling Example for Better Understanding and Learning

STRIDE Threat Modeling in DevOps: A Perfect Fit

What is STRIDE Threat Modeling

How to STRIDE Threat Model

STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)

The Advantages of Using a Threat Modeling Tool for STRIDE

Threat Modeling

Threat Modeling

Threat Modeling Methods

What is Threat Modeling

Threat Modeling and DevOps

How to use Data Flow Diagrams in Threat Modeling

Threat Modeling Versus Vulnerability Management

CAPEC Threat Modeling

CAPEC Threat Modeling

Threat Modeling Framework

Threat Modeling Framework

Why Threat Modeling is Overly Complex and How We Can Simplify It

CIS Controls

CIS Controls (CIS Critical Security Controls)

OWASP Top 10

OWASP Top 10 2025

PASTA Threat Modeling

PASTA Threat Modeling

PASTA Threat Modeling and DevOps

A PASTA Threat Modeling Example

TRIKE Threat Modeling

Trike Threat Modeling

NIST

NIST CSF v1.1

LINDDUN Threat Modeling

LINDDUN Threat modeling

DREAD Threat Modeling

DREAD Threat Modeling

CISO Security Mind Map

CISO Security Mind Map 2025

CISO Security Mind Map 2026

AI Security

Adding AI to Applications: What You Need to Know for Safety and Security

Ivanti Sentry Critical Vulnerabilities: Remote Takeover of Mobile Device Gateway Appliances

Critical vulnerabilities in Ivanti Sentry (formerly MobileIron Sentry) enable remote attackers to take over affected gateway appliances. Ivanti Sentry serves as the secure gateway between mobile devices and enterprise backend resources — it enforces access policies for email, documents, and internal applications accessed from smartphones and tablets. What Is the Vulnerability? Multiple critical vulnerabilities have been disclosed in Ivanti Sentry, the gateway appliance that…

Continue Reading Ivanti Sentry Critical Vulnerabilities: Remote Takeover of Mobile Device Gateway Appliances

Veeam Backup & Replication Critical Remote Code Execution: Backup Servers at Direct Risk of Compromise

A critical remote code execution vulnerability in Veeam Backup & Replication allows attackers to execute arbitrary code on backup servers. Veeam is the most widely deployed enterprise backup and recovery platform — it protects the data of hundreds of thousands of organisations globally. Backup servers are the last line of defence against ransomware: a compromised backup server gives attackers the ability to destroy or…

Continue Reading Veeam Backup & Replication Critical Remote Code Execution: Backup Servers at Direct Risk of Compromise

Vulnerability Intelligence Report — June 11, 2026

Vulnerability Intelligence Report — June 11, 2026 Coverage: June 10–11, 2026 | New CISA KEV additions: 0 | KEV deadlines today: 1 | Patch Tuesday deployment ongoing Previous reports: June 10, 2026 | June 9, 2026 Today — June 11, 2026 — is the CISA KEV remediation deadline for Check Point Security Gateway (CVE-2026-50751). The Dutch NCSC warned yesterday of expected large-scale abuse, and…

Continue Reading Vulnerability Intelligence Report — June 11, 2026

SolarWinds Serv-U Denial of Service (CVE-2026-28318): CISA KEV — Actively Exploited Unauthenticated Service Crash via Crafted POST Requests

An uncontrolled resource consumption vulnerability in SolarWinds Serv-U, tracked as CVE-2026-28318, allows unauthenticated attackers to crash the Serv-U service by sending crafted POST requests with the Content-Encoding: deflate header. CISA added this vulnerability to the Known Exploited Vulnerabilities catalog on June 5, 2026 with a federal agency remediation deadline of June 19, 2026. Active exploitation has been confirmed. What Is the Vulnerability? CVE-2026-28318 is…

Continue Reading SolarWinds Serv-U Denial of Service (CVE-2026-28318): CISA KEV — Actively Exploited Unauthenticated Service Crash via Crafted POST Requests

Arista EOS Tunnel Decapsulation Vulnerability (CVE-2026-7473): CISA KEV — Incorrect Packet Forwarding Enables Network Bypass

A vulnerability in Arista Extensible Operating System (EOS), tracked as CVE-2026-7473, causes switches to incorrectly decapsulate and forward unexpected tunneled packets when tunnel decapsulation configurations such as VXLAN, decap-groups, or GRE tunnel interfaces are present. CISA added this vulnerability to the Known Exploited Vulnerabilities catalog on June 9, 2026 with a federal agency remediation deadline of June 23, 2026. What Is the Vulnerability? CVE-2026-7473…

Continue Reading Arista EOS Tunnel Decapsulation Vulnerability (CVE-2026-7473): CISA KEV — Incorrect Packet Forwarding Enables Network Bypass

Nuance PowerScribe Deserialization Remote Code Execution (CVE-2026-26142): Unauthorized Code Execution in Healthcare Speech Recognition Platform

A deserialization vulnerability in Nuance PowerScribe, tracked as CVE-2026-26142 (CVSS 9.8), allows an unauthorised attacker to execute arbitrary code over a network. Nuance PowerScribe is a widely deployed speech recognition and reporting platform used in healthcare for radiology and clinical documentation. What Is the Vulnerability? CVE-2026-26142 is a deserialization of untrusted data vulnerability (CWE-502) in Nuance PowerScribe. Deserialization flaws allow attackers to craft malicious…

Continue Reading Nuance PowerScribe Deserialization Remote Code Execution (CVE-2026-26142): Unauthorized Code Execution in Healthcare Speech Recognition Platform

Threat Modeling and Security by Design

Threat modeling and Security by Design methods, tools, and approaches to help secure your business and IT landscape.

Terms of Service | Privacy Policy

AI chatbot & help center by 99helpers.com

Threat Modeling
Threat Modeling Tool
Threat Modeling Tool Explainer
What is Threat Modeling?
STRIDE Threat Modeling
PASTA Threat Modeling
Automated Threat Modeling
Threat Modeling Framework
CISO Security Mind Map 2026
CIS Controls
OWASP Top 10

© Threat-Modeling.com