Awesome-Mirrors/awesome-threat-modelling
1
0
Fork 0
mirror of https://github.com/hysnsec/awesome-threat-modelling.git synced 2024-10-01 08:25:38 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into master

Browse Source
This commit is contained in:
Mohammed A Imran 2022-06-01 17:14:16 +08:00 committed by GitHub
commit 2722ef4346
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
README.md
View File

@ -1,4 +1,3 @@
# Awesome Threat Modeling [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)
[<img src="images/awesome-threat-modelling.png">](https://www.practical-devsecops.com/devsecops-university/)
@ -161,17 +160,31 @@ Contributions welcome. Add links through pull requests or create an issue to sta
- [Secpillars.com Threat Modeling blog posts](https://blog.secpillars.com/search/label/Threat%20Modeling)
- [Threat Modeling Process](https://owasp.org/www-community/Threat_Modeling_Process)
- [Developers Guide Securing Mobile Applications](https://www.synopsys.com/content/dam/synopsys/sig-assets/ebooks/developers-guide-securing-mobile-applications-threat-modeling.pdf)
- [Finding Vulnerabilities In Swiss Posts](https://www.reversemode.com/2022/01/finding-vulnerabilities-in-swiss-posts.html?m=1#AttackSurface)
- [Threat Matrix CI/CD](https://github.com/rung/threat-matrix-cicd)
- [Top 10 CI/CD Security Risks](https://github.com/cider-security-research/top-10-cicd-security-risks)
- [ECS Fargate Threat Modeling](https://sysdig.com/blog/ecs-fargate-threat-modeling/)
- [Kubernetes Attack Trees](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model)
## Threat Model examples
*Threat model examples for reference.*
- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html)
- [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
- [SSL Threat model by Qualys](https://www.ssllabs.com/downloads/SSL_Threat_Model.png)
- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH by Jan Schuamann](https://www.netmeister.org/blog/doh-dot-dnssec.html)
- [Email Encryption Gateway Threat model by NCC Group](https://www.slideshare.net/NCC_Group/real-world-application-threat-modelling-by-example)
- [OWASP Threat Model Cookbook](https://github.com/OWASP/threat-model-cookbook)
@ -182,6 +195,28 @@ Contributions welcome. Add links through pull requests or create an issue to sta
- [Secure Trusted Firmware for ARM processors](https://tf-m-user-guide.trustedfirmware.org/docs/security/threat_models/generic_threat_model.html)
- [Docker Threat Model](https://cloudsecdocs.com/container_security/theory/threats/docker_threat_model/)
- [Container Threat Model](https://github.com/krol3/container-security-checklist#container-threat-model)
- [Account Takeover Threat Model](https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg)
- [Amazon S3](https://controlcatalog.trustoncloud.com/dashboard/aws/s3#Data%20Flow%20Diagram)
- [Playbook for Threat Modeling Medical Devices](https://www.mitre.org/sites/default/files/publications/Playbook-for-Threat-Modeling-Medical-Devices.pdf)
- [Threat Modeling Trinity](https://github.com/juliocesarfort/public-pentesting-reports/blob/master/COMSATS_Islamabad-CyberSecurityLab/Threat_Modeling_Trinity_Wallet.pdf)
- [Threat Modeling Contact Tracing Applications](https://www.linkedin.com/pulse/threat-modeling-contact-tracing-applications-jakub-kaluzny/)
- [Secure Password Storage](https://owasp.org/www-pdf-archive//Secure_Password_Storage.pdf)
- [Human Threat Model](https://github.com/JWWeatherman/human_threat_model)
- [Smart Home Threat Model](https://github.com/kkredit/smart-home-threat-model)
- [IETF Trans Threat Analysis](https://datatracker.ietf.org/doc/html/draft-ietf-trans-threat-analysis-16)
## Tools
*Tools which helps in threat modelling.*