Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
High Severity Vulnerability — CVSS 8.8 CVE-2026-6933 is a high-severity missing authorization vulnerability in the Premmerce Dev Tools WordPress plugin leading to unauthenticated remote code execution. CVSS Score: 8.8 (High) | Attack Complexity: Low | Privileges Required: None The plugin exposes privileged AJAX/REST API endpoints without authorization checks, allowing any unauthenticated attacker to execute arbitrary code on the WordPress server. CVE-2026-6933 is a high-severity…
What HappenedSecurity researchers have identified a concerning trend among ransomware gangs who are exploiting Microsoft Teams relay infrastructure to conceal their command-and-control (C2) traffic. By routing malicious communications through legitimate Microsoft 365 and Teams infrastructure, attackers can make their C2 traffic blend seamlessly with normal enterprise collaboration activity, evading traditional network-based detection mechanisms. This technique was first observed in the wild in June 2026…
Continue Reading Ransomware Gangs Abusing Microsoft Teams Relays to Hide Command-and-Control Traffic
What Is CVE-2026-8443?CVE-2026-8443 is a critical SQL injection vulnerability discovered in the WP Review Slider Pro WordPress plugin. The flaw resides in the wppro_get_o function, where user-supplied input via the stypes and slocations parameters is not properly sanitized before being used in SQL queries. This allows authenticated attackers — including those with subscriber-level privileges or higher — to inject arbitrary SQL commands into the…
CISA Known Exploited Vulnerability CVE-2026-48907 has been added to the CISA Known Exploited Vulnerabilities (KEV) Catalog. Date Added: June 16, 2026 | Due Date: June 19, 2026 Federal agencies and organisations following CISA Binding Operational Directive (BOD) 22-01 must remediate this vulnerability by the due date. This vulnerability is being actively exploited in the wild. CVE-2026-48907 is a critical-severity improper access control vulnerability in…
Critical Vulnerability — Actively Exploited Multiple critical-severity vulnerabilities in Fortinet FortiSandbox are being actively exploited in the wild. Product: FortiSandbox (Enterprise Malware Detonation Sandbox) | Status: Patches Pending — PSIRT Advisory In Progress A compromised FortiSandbox appliance creates a critical security blind spot — allowing attackers to bypass malware detection and deliver malicious payloads undetected into the protected enterprise network. Fortinet FortiSandbox is an…
Continue Reading Fortinet FortiSandbox Critical Vulnerabilities Actively Exploited in Attacks
What Happened Multiple malicious plugins hosted on the JetBrains Marketplace have been discovered actively exfiltrating AI API keys from developer environments. The rogue plugins target IDE-stored credentials for major AI service providers — including OpenAI, Anthropic, and Google AI — and transmit them to attacker-controlled infrastructure. The plugins are designed to appear legitimate, often mimicking popular developer tools or offering seemingly useful AI-assisted coding…