Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-threat-modelling
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.
https://github.com/hysnsec/awesome-threat-modelling
Last synced: 3 days ago
Tutorials and Blogs
Paid
- Why You Should Care About Threat Modelling
- Where is my Threat Model?
- Threat Modeling: What, Why, and How?
- Threat Modeling: 12 Available Methods
- What Is Security Threat Modeling?
- Threat-modeling CheatSheet By Owasp
- Threat Modeling in the Enterprise
- Approachable threat modeling
- Threat Modeling for Dummies
- DevSecOps, Threat Modeling and You: Get started using the STRIDE method
- Threat Modeling: The Why, How, When and Which Tools
- Threat-modeling datasheet
- Threat Modeling blog
- Threat Modeling: 6 Mistakes You are Probably Making
- How to Create a Threat Model for Cloud Infrastructure Security
- Benefits of Threat Modeling
- Threat Modeling: a Summary of Available Methods Whitepaper
- Threat Modelling Toolkit
- How to get started with Threat Modeling, before you get hacked
- Thread Modeling tutorial
- How to analyze the security of your application with threat modeling
- Tactical Threat Modeling
- The Power of a Tailored Threat Model Whitepaper
- Secure Slack bot an exercise in threat modeling
- Secpillars.com Threat Modeling blog posts
- Threat Modeling Process
- Finding Vulnerabilities In Swiss Posts
- Kubernetes Attack Trees
- The Enchiridion of Impetus Exemplar: A Threat Modeling Field Guide
- Leveraging Threat Modeling for your SOC/SIEM
- Threat Matrix CI/CD
- Top 10 CI/CD Security Risks
- 7 Easy Steps For Building a Scalable Threat Modeling Process
Books
- Designing Usable and Secure Software with IRIS and CAIRIS
- Threat Modeling: Designing for Security
- Threat Modeling
- Securing Systems: Applied Security Architecture and Threat Models
- Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis
- Threat Modeling: A Practical Guide for Development Teams
Fundamentals
Courses
Free
- Threat Modeling, or Architectural Risk Analysis by Coursera
- Threat Modeling Workshop by Robert Hurlbut
- Threat Modeling Security Fundamentals
- Threat Modeling the Right Way for Builders Workshop - AWS Skill Builder threat modeling workshop. Requires AWS Skill Builder Login (free).
- Rapid Threat Model Prototyping (RTMP) - Methodology to create quick threat models: (1) add threat metadata describing the threats and mitigations directly to software diagrams using 11 simple and repeatable steps, (2) integrate these steps into Agile workstreams, (3) how to best use the outputs of a threat model (Threats & Mitigations).
Paid
- Certified Threat Modeling Professional by Practical DevSecOps
- DevSecOps Expert by Practical DevSecOps
- Threat Modeling Fundamentals
- CyberSec First Responder: Threat Detection & Response CFR210
- Learning Threat Modeling for Security Professionals
- Threat Modeling: Spoofing In Depth
- Threat Modeling: Tampering in Depth
- Threat Modeling or Whiteboard Hacking training
- Kubernetes Threat Modeling
Videos
Paid
- Introduction, Threat Models
- Creating a Threat Model using TMT 2016
- Using Threat Modeling
- Threat Modeling in 2019
- Threat Modeling Toolkit
- Adaptive Threat Modelling
- Threat modeling
- Threat Model Every Story: Practical Continuous Threat Modeling Work for Your Team
- Threat Modeling for Secure Software Design
- Fixing Threat Models with OWASP Efforts
- Designing for Security through Threat Modelling
- Unlocking Threat Modeling
- An Agile Approach to Threat Modeling for Securing Open Source Project EdgeX Foundry
- Threat Modeling 101 (SAFECode On Demand Training Course)
- ISO/SAE 21434 by Example
- Introduction to Threat Modeling by Avi Douglen
- Look, there's a threat model in my DevOps
- Lessons from the threat modeling trenches
- AWS Summit - How to approach threat modelling
Threat Model examples
Paid
- DNS Security: Threat Modeling DNSSEC, DoT, and DoH
- OAuth 2.0 Threat Model and Security Considerations
- SSL Threat model by Qualys
- Email Encryption Gateway Threat model by NCC Group
- Kubernetes Threat Model
- Secure Trusted Firmware for ARM processors
- Docker Threat Model
- Account Takeover Threat Model
- Amazon S3
- Playbook for Threat Modeling Medical Devices
- Threat Modeling Trinity
- Threat Modeling Contact Tracing Applications
- Secure Password Storage
- OpenSSF CII Threat Models for Open Source Projects (as part of Silver badge criteria)
- ROS 2 Robotic System
- IoT Devices
- OWASP Threat Model Cookbook
- ISO/SAE 21434 Annex G Example
- Container Threat Model
- Human Threat Model
- Smart Home Threat Model
- Bitcoin
- Certificate Transparency
- AWS Fargate
Tools
Free tools
- Microsoft Threat Modeling Tool - Microsoft Threat Modeling Tool 2016 is a tool that helps in finding threats in the design phase of software projects.
- OWASP Threat Dragon - An online threat modelling web application including system diagramming and a rule engine to auto-generate threats/mitigations.
- Threatspec - Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process.
- MAL - MAL is an open source project that supports creation of cyber threat modeling systems and attack simulations.
- Owasp-threat-dragon-gitlab - This project is a fork of the original OWASP Threat Dragon web application by Mike Goodwin, with GitLab integration instead of GitHub. You can use it with GitLab.com or your own instance of GitLab.
- Raindance - Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.
- Threagile - Threagile is an open-source toolkit for agile threat modeling.
- TicTaaC - Threat modeling-as-a-Code in a Tick (TicTaaC). Lightweight and easy-to-use threat modeling solution following DevSecOps principles.
- Threat Modeling Online Game - Online version of the Elevation of Privilege and Cornucopia card games. The easy way to get started with threat modeling.
- Deciduous - A web app that simplifies building attack decision trees. Hosted at https://www.deciduous.app/
- drawio-threatmodeling - A collection of custom libraries to turn the free and cross-platform Draw.io diagramming application into the perfect tool for threat modeling.
- PyTM - PyTM is an open source project providing a library for threat modeling with code. Describe your system using OO syntax (object.property = value) and have your threat modeling report automatically generated. 100+ threats currently supported.
Paid tools
- Irius risk - Iriusrisk is a threat modeling tool with an adaptive questionnaire driven by an expert system, which guides the user through straightforward questions about the technical architecture, the planned features and the security context of the application.
- SD elements - Automate Threat Modeling with SD Elements.
- Foreseeti - SecuriCAD Vanguard is an attack simulation and automated threat modeling SaaS service that enables you to automatically simulate attacks on a virtual model of your AWS environment.
- Tutamen Threat Model system - This tool allows threat model metadata to be added to any software diagram, turning that diagram into a threat model. It's simple to use, requires no lock-in license, and is driven by the Common Weakness Enumeration, STRIDE and OWASP Top 10.
- YAKINDU Security Analyst - YAKINDU Security Analyst is a model-based software tool for threat analysis and risk assessment of technical systems. You can identify your protection needs, analyze possible threats and calculate the resulting risks. The underlying assessment model and calculation logic are highly customizable and can be integrated into existing toolchains.