Threat Modeling and Security by Design
Threat modeling tooling: Use our tool to start threat modeling within minutes.
Solve your threat modeling problems: We can help you to implement threat modeling and security by design.
Learn about threat modeling: We have lots of content to teach you about threat modeling.
Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale
It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.
- Powerful assessment engine to understand potential threats and security weakness.
- Flexible Diagram engine to visualize components and communication flows in play.
- Clear reporting and metrics for compliance demonstration.
Try our threat modeling tool and get started within minutes!
Tooling
We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.
Templates
Templates can help to kickstart the process. We have lots of free templates available.
Examples
We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.
Threat Modeling ARTICLES
Threat Modeling Tooling
Explanation of the Threat Modeling Tool
STRIDE Threat Modeling
The Ultimate List of STRIDE Threat Examples
STRIDE Threat Modeling Example for Better Understanding and Learning
STRIDE Threat Modeling in DevOps: A Perfect Fit
What is STRIDE Threat Modeling
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
Threat Modeling
How to use Data Flow Diagrams in Threat Modeling
Threat Modeling Versus Vulnerability Management
CAPEC Threat Modeling
Threat Modeling Framework
Why Threat Modeling is Overly Complex and How We Can Simplify It
CIS Controls
CIS Controls (CIS Critical Security Controls)
OWASP Top 10
PASTA Threat Modeling
PASTA Threat Modeling and DevOps
A PASTA Threat Modeling Example
TRIKE Threat Modeling
NIST
LINDDUN Threat Modeling
DREAD Threat Modeling
CISO Security Mind Map
AI Security
Adding AI to Applications: What You Need to Know for Safety and Security
Coverage: 4 infrastructure vulnerabilities across 7-Zip, KubeVirt, WSO2 API Manager, and Apache Airflow | Highest CVSS: 8.5 | Date: June 26–27, 2026 7-Zip 26.02 — Multiple Bugs and Vulnerabilities Patched Software affected: 7-Zip versions prior to 26.02 — one of the most widely deployed compression tools on Windows and cross-platform. Status: 7-Zip 26.02 patches multiple bugs and vulnerabilities. Specific CVE identifiers and technical details…
CVE: Not yet assigned | CVSS: 9.8 (Critical) | Vendor: Python Software Foundation | Product: python.org Release Management API What Is the Vulnerability A critical authentication bypass vulnerability was discovered in python.org’s release management API, the infrastructure that controls the distribution of official Python packages to millions of users worldwide. The flaw allowed attackers to completely bypass authentication mechanisms and impersonate administrators, potentially gaining…
CVE: CVE-2026-43503 | CVSS: 7.8 (High) | Vendor: Linux Kernel | Product: Linux Kernel Networking Stack What Is the Vulnerability CVE-2026-43503, dubbed “DirtyClone” following the tradition of Dirty COW and Dirty Pipe Linux kernel exploits, is a local privilege escalation vulnerability in the Linux kernel. An unprivileged local user can gain root access by manipulating cloned network packets, abusing copy-on-write (COW) and cloning mechanisms…
CVE: CVE-2026-9733 | CVSS 3.1: 9.1 (CRITICAL) | CWE: CWE-340 (Generation of Predictable Numbers or Identifiers) | Vendor: Mojolicious | Product: Mojolicious::Plugin::Web::Auth::OAuth2 | Affected versions: ≤ 0.17 What Is the Vulnerability CVE-2026-9733 is a critical vulnerability in the Mojolicious OAuth2 plugin for Perl that enables OAuth2 authorization code interception attacks. The plugin’s default state parameter generation is cryptographically weak, using a SHA-1 hash of…
CVE: CVE-2026-12866 | CVSS 3.1: 9.8 (CRITICAL) | CWE: CWE-94 (Improper Control of Generation of Code — Code Injection) | Vendor: silentmatt | Product: expr-eval | Affected versions: All versions (1.0.0 through latest) What Is the Vulnerability CVE-2026-12866 is a critical arbitrary code execution vulnerability in the expr-eval JavaScript library, a popular expression evaluation package with over 2 million weekly downloads on npm. The…
CVE: CVE-2026-11374 | CVSS 3.1: 9.0 (CRITICAL) | CWE: CWE-340 (Generation of Predictable Numbers or Identifiers) | Vendor: ManageEngine (Zoho Corp) | Product: ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, ADAudit Plus | Affected versions: Multiple versions across all four products What Is the Vulnerability CVE-2026-11374 is a critical vulnerability in ManageEngine’s SSO token generation mechanism that affects four major enterprise products simultaneously: ADSelfService…