Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
CVE-2026-11624 — Model Context Protocol (MCP) DNS Rebinding | Origin Header Validation Bypass | AI Agent Infrastructure Affects MCP server implementations prior to v0.25. Enables DNS rebinding attacks where a browser can be tricked into connecting to a local MCP server and executing arbitrary tool calls. CVE-2026-11624 is a significant vulnerability in the Model Context Protocol (MCP), the open protocol that underpins much of…
CVE-2026-9848 \u2014 WP Ticket WordPress Plugin SQL Injection CVSS 7.5 (HIGH) | Unauthenticated SQL Injection | Affects WP Ticket \u2264 6.0.4 The WP Ticket plugin hooks into WordPress native search and passes unsanitised input from the s query parameter directly into SQL queries, enabling unauthenticated attackers to extract sensitive data from the WordPress database. CVE-2026-9848 is a high-severity unauthenticated SQL injection vulnerability in the…
Continue Reading CVE-2026-9848: WP Ticket WordPress Plugin SQL Injection Vulnerability (CVSS 7.5)
ABRT/libreport Security Advisory — Four TOCTOU and race condition vulnerabilities have been disclosed in ABRT (Automatic Bug Reporting Tool) and libreport, the crash reporting infrastructure used by Red Hat Enterprise Linux, Fedora, and their derivatives. These vulnerabilities (CVE-2026-54228 through CVE-2026-54231) enable local privilege escalation through symlink following, TOCTOU race conditions, and content injection attacks against the crash reporting pipeline. All multi-user Linux systems running…
CVE-2026-11769 — Grafana Operator Critical | Path Traversal & Privilege Escalation | Kubernetes Operator Affects Grafana Operator versions prior to 5.24.0. Rated CRITICAL by the vendor. Enables attackers to traverse filesystem paths and escalate privileges within Kubernetes clusters. CVE-2026-11769 is a critical vulnerability in the Grafana Operator for Kubernetes, rated CRITICAL by Grafana. This flaw combines path traversal with privilege escalation, allowing an attacker…
CVE-2026-54420 \u2014 LiteSpeed cPanel Plugin Symlink Mishandling CVSS 8.5 (HIGH) | CWE-61: UNIX Symbolic Link Following | Affects LiteSpeed cPanel Plugin < 2.4.8 A user with FTP or web shell access on a shared hosting server can exploit symlink mishandling in the LiteSpeed cPanel plugin to read files belonging to other customers. Shared hosting providers should treat this as a high-priority upgrade. CVE-2026-54420 is…
Vulnerability Intelligence Report — June 14, 2026 Coverage: June 1–14, 2026 | New CISA KEV additions (period): 12 | New KEV since yesterday: 0 | KEV deadline TODAY: Ivanti Sentry | KEV deadline TOMORROW: Oracle PeopleSoft | Overdue KEVs: 5 Previous reports: June 13, 2026 | June 12, 2026 Today — Saturday, June 14, 2026 — marks the CISA KEV remediation deadline for Ivanti…
Continue Reading Vulnerability Intelligence Report — June 14, 2026