Threat Modeling Framework
The Threat Modeling Framework describes activities & components needed to perform threat modeling in a structured and systematic manner, from external factors influencing a threat model to the core threats … Read More
STRIDE Threat Modeling Frequently Asked Questions and Answers (FAQs)
In this article, I’ll provide STRIDE threat modeling frequently asked questions and answers. What is STRIDE Threat Modeling? STRIDE threat modeling is a threat modeling … Read More
How to use Data Flow Diagrams in Threat Modeling
In this article, I describe how to use Data Flow Diagrams in threat modeling. Data Flow Diagrams (or DFDs for short) are used extensively in … Read More
How to STRIDE Threat Model
In this article, I describe how to STRIDE threat model. STRIDE is a threat modeling method that can help you to identify potential security threats … Read More
What is STRIDE Threat Modeling
What is STRIDE threat modeling: STRIDE threat modeling is a threat modeling method based on the mnemonic spelled out by STRIDE: Spoofing, Tampering, Repudiation, Information … Read More
A PASTA Threat Modeling Example
In this article, I’m going to provide a PASTA threat modeling example. PASTA stands for Process for Attack Simulation and Threat Analysis (PASTA). It is a risk-centric threat modeling method developed … Read More
PASTA Threat Modeling and DevOps
In this article, I explain why PASTA threat modeling and DevOps is a perfect fit. If your organization is using DevOps to provide applications and … Read More
Threat Modeling and DevOps
In this article, I explain why threat modeling and DevOps are a great fit, and how you would go about implementing threat modeling within DevOps. … Read More
Trike Threat Modeling
Trike is a framework for security auditing from a risk-based perspective. This is achieved through Trike threat modeling, which generates threat models. With the Trike … Read More
STRIDE Threat Modeling in DevOps: A Perfect Fit
Proactive STRIDE threat modeling in DevOps to shift security left and embed security thinking within a DevOps team.