awesome-threat-modeling

a curated list of useful threat modeling resources
https://github.com/redshiftzero/awesome-threat-modeling

Last synced: 3 days ago
JSON representation

Data Flow Diagrams
Threat Enumeration
- Attack Trees
- STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, Elevation of Privilege)
General
Prioritization Methodologies
- DREAD (Damage, Reproducibility, Exploitability, Affected users, Discoverability)
Conference Talks
- Rapid Threat Modeling - Akshay Aggarwal - Blackhat USA (2005)
- Part 1 - Adam Shostack - Blackhat (2010)
- Threat Modeling Best Practices - Robert Zigweid - AppSecUSA (2010)
- Threat Modeling: Lessons from Star Wars - Adam Shostack - Brucon (2014)
- Incremental Threat Modeling - Irene Michlin - AppSecEU (2017)
- Threat Modeling with PASTA - Tony UcedaVelez - AppSecEU (2017)
- Value Driven Threat Modeling - Avi Douglen - AppSecUSA (2018)
- Threat Modeling Toolkit - Jonathan Marcil - AppSecCali (2018)
- Lessons From The Threat Modeling Trenches - Brook Schoenfield - AppSecCali (2018)
- Threat Model as Code - Abhay Bhargav - AppSecUSA (2018)
- Threat Modeling at speed and scale - Stuart Winter-Tear - DevSecCon London (2018)
- Threat Modeling: uncover vulnerabilities without looking at code - Chris Romeo - NDC (2018)
- Threat Modeling in 2018 - Adam Shostack - Blackhat USA (2018)
- Threat Modeling in 2019 - Adam Shostack - RSA Conference (2019)
- Offensive Threat Models Against the Supply Chain - Tony UcedaVelez - AppSecCali (2019)
- Threat Model Every Story: Practical Continuous Threat Modeling Work for Your Team - Izar Tarandach - AppSecCali (2019)
- Game On! Adding Privacy to Threat Modeling - Adam Shostack, Mark Vinkovits - AppSecCali (2019)
- Adaptive Threat Modeling - Aaron Bedra - GOTO Chicago (2017)
Books
- Threat Modeling: Designing for Security
- Guide to Data-Centric System Threat Modeling
Tools

Programming Languages

Categories

Conference Talks 18 Tools 7 Data Flow Diagrams 5 General 3 Books 2 Threat Enumeration 2 Prioritization Methodologies 1

Sub Categories

Keywords

threat-model 1 mozilla 1