From 0435ec11be37642544da5a6e39a90f423d10a211 Mon Sep 17 00:00:00 2001
From: Sivakumar <39010220+ladecruze@users.noreply.github.com>
Date: Mon, 30 May 2022 12:47:02 +0530
Subject: [PATCH 1/9] Update README.md

---
 README.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/README.md b/README.md
index 4c92c3d..066c03d 100644
--- a/README.md
+++ b/README.md
@@ -158,6 +158,29 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [Secure Slack bot an exercise in threat modeling](https://diablohorn.com/2019/11/18/secure-slack-bot-an-exercise-in-threat-modeling/)
 
+- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html)
+
+- [Playbook for Threat Modeling Medical Devices](https://www.mitre.org/sites/default/files/publications/Playbook-for-Threat-Modeling-Medical-Devices.pdf)
+
+- [Threat Modeling Trinity](https://github.com/juliocesarfort/public-pentesting-reports/blob/master/COMSATS_Islamabad-CyberSecurityLab/Threat_Modeling_Trinity_Wallet.pdf)
+
+ - [Threat Modeling Contact Tracing Applications](https://www.linkedin.com/pulse/threat-modeling-contact-tracing-applications-jakub-kaluzny/)
+
+ - [Threat Modeling Process](https://owasp.org/www-community/Threat_Modeling_Process)
+ 
+ - [Developers Guide Securing Mobile Applications](https://www.synopsys.com/content/dam/synopsys/sig-assets/ebooks/developers-guide-securing-mobile-applications-threat-modeling.pdf)
+
+ - [Finding Vulnerabilities In Swiss Posts](https://www.reversemode.com/2022/01/finding-vulnerabilities-in-swiss-posts.html?m=1#AttackSurface)
+
+ - [Threat Matrix  CI/CD](https://github.com/rung/threat-matrix-cicd)
+
+ - [Top 10 CI/CD Security Risks](https://github.com/cider-security-research/top-10-cicd-security-risks)
+
+ - [ECS Fargate Threat Modeling](https://sysdig.com/blog/ecs-fargate-threat-modeling/)
+
+ - [IETF Trans Threat Analysis](https://datatracker.ietf.org/doc/html/draft-ietf-trans-threat-analysis-16)
+
+ - [Secure Password Storage](https://owasp.org/www-pdf-archive//Secure_Password_Storage.pdf)
 
 ## Threat Model examples
 
@@ -175,9 +198,17 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [Kubernetes Threat Model](https://github.com/kubernetes/community/tree/master/sig-security/security-audit-2019/findings)
 
+- [K8 Threat Model](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model)
+
 - [ISO/SAE 21434 Annex G Example](https://github.com/Yakindu/YSA-examples)
 
+- [Docker Threat Model](https://cloudsecdocs.com/container_security/theory/threats/docker_threat_model/)
 
+- [Container Threat Model](https://github.com/krol3/container-security-checklist#container-threat-model)
+
+- [Account Takeover Threat Model](https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg)
+
+- [SSL Threat Model](https://www.ssllabs.com/downloads/SSL_Threat_Model.png)
 
 ## Tools
 

From 65f03b019c49e371c0e9c01551a62a02cfbf4d32 Mon Sep 17 00:00:00 2001
From: Sivakumar <39010220+ladecruze@users.noreply.github.com>
Date: Wed, 1 Jun 2022 09:46:04 +0530
Subject: [PATCH 2/9] Update README.md

---
 README.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 066c03d..20950b9 100644
--- a/README.md
+++ b/README.md
@@ -178,10 +178,16 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
  - [ECS Fargate Threat Modeling](https://sysdig.com/blog/ecs-fargate-threat-modeling/)
 
+ - [Amazon S3](https://controlcatalog.trustoncloud.com/dashboard/aws/s3#Data%20Flow%20Diagram)
+
  - [IETF Trans Threat Analysis](https://datatracker.ietf.org/doc/html/draft-ietf-trans-threat-analysis-16)
 
  - [Secure Password Storage](https://owasp.org/www-pdf-archive//Secure_Password_Storage.pdf)
 
+ - [Human Threat Model](https://github.com/JWWeatherman/human_threat_model)
+
+ - [Smart Home Threat Model](https://github.com/kkredit/smart-home-threat-model)
+
 ## Threat Model examples
 
 *Threat model examples for reference.*
@@ -190,14 +196,10 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [SSL Threat model by Qualys](https://www.ssllabs.com/downloads/SSL_Threat_Model.png)
 
-- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH by Jan Schuamann](https://www.netmeister.org/blog/doh-dot-dnssec.html)
-
 - [Email Encryption Gateway Threat model by NCC Group](https://www.slideshare.net/NCC_Group/real-world-application-threat-modelling-by-example)
 
 - [OWASP Threat Model Cookbook](https://github.com/OWASP/threat-model-cookbook)
 
-- [Kubernetes Threat Model](https://github.com/kubernetes/community/tree/master/sig-security/security-audit-2019/findings)
-
 - [K8 Threat Model](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model)
 
 - [ISO/SAE 21434 Annex G Example](https://github.com/Yakindu/YSA-examples)
@@ -208,8 +210,6 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [Account Takeover Threat Model](https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg)
 
-- [SSL Threat Model](https://www.ssllabs.com/downloads/SSL_Threat_Model.png)
-
 ## Tools
 
 *Tools which helps in threat modelling.*

From 63a4c753fd28969d47a0dcd11b5a43922892cfcb Mon Sep 17 00:00:00 2001
From: Sivakumar <39010220+ladecruze@users.noreply.github.com>
Date: Wed, 1 Jun 2022 10:05:24 +0530
Subject: [PATCH 3/9] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 20950b9..65c0297 100644
--- a/README.md
+++ b/README.md
@@ -200,7 +200,7 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [OWASP Threat Model Cookbook](https://github.com/OWASP/threat-model-cookbook)
 
-- [K8 Threat Model](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model)
+- [Kubernetes Threat Model](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model)
 
 - [ISO/SAE 21434 Annex G Example](https://github.com/Yakindu/YSA-examples)
 

From 3910c78b9f92462425ba2e955ae70c201c8d8e75 Mon Sep 17 00:00:00 2001
From: Sivakumar <39010220+ladecruze@users.noreply.github.com>
Date: Wed, 1 Jun 2022 10:11:32 +0530
Subject: [PATCH 4/9] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 65c0297..dcf2cc0 100644
--- a/README.md
+++ b/README.md
@@ -178,8 +178,6 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
  - [ECS Fargate Threat Modeling](https://sysdig.com/blog/ecs-fargate-threat-modeling/)
 
- - [Amazon S3](https://controlcatalog.trustoncloud.com/dashboard/aws/s3#Data%20Flow%20Diagram)
-
  - [IETF Trans Threat Analysis](https://datatracker.ietf.org/doc/html/draft-ietf-trans-threat-analysis-16)
 
  - [Secure Password Storage](https://owasp.org/www-pdf-archive//Secure_Password_Storage.pdf)
@@ -210,6 +208,8 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [Account Takeover Threat Model](https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg)
 
+- [Amazon S3](https://controlcatalog.trustoncloud.com/dashboard/aws/s3#Data%20Flow%20Diagram)
+
 ## Tools
 
 *Tools which helps in threat modelling.*

From 0fb18ebad7bb0dec5783ee5378aad6e37fed7587 Mon Sep 17 00:00:00 2001
From: Sivakumar <39010220+ladecruze@users.noreply.github.com>
Date: Wed, 1 Jun 2022 10:28:10 +0530
Subject: [PATCH 5/9] Update README.md

---
 README.md | 39 ++++++++++++++++++++-------------------
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/README.md b/README.md
index dcf2cc0..c3240ab 100644
--- a/README.md
+++ b/README.md
@@ -160,31 +160,18 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html)
 
-- [Playbook for Threat Modeling Medical Devices](https://www.mitre.org/sites/default/files/publications/Playbook-for-Threat-Modeling-Medical-Devices.pdf)
-
-- [Threat Modeling Trinity](https://github.com/juliocesarfort/public-pentesting-reports/blob/master/COMSATS_Islamabad-CyberSecurityLab/Threat_Modeling_Trinity_Wallet.pdf)
-
- - [Threat Modeling Contact Tracing Applications](https://www.linkedin.com/pulse/threat-modeling-contact-tracing-applications-jakub-kaluzny/)
-
- - [Threat Modeling Process](https://owasp.org/www-community/Threat_Modeling_Process)
+- [Threat Modeling Process](https://owasp.org/www-community/Threat_Modeling_Process)
  
- - [Developers Guide Securing Mobile Applications](https://www.synopsys.com/content/dam/synopsys/sig-assets/ebooks/developers-guide-securing-mobile-applications-threat-modeling.pdf)
+- [Developers Guide Securing Mobile Applications](https://www.synopsys.com/content/dam/synopsys/sig-assets/ebooks/developers-guide-securing-mobile-applications-threat-modeling.pdf)
 
- - [Finding Vulnerabilities In Swiss Posts](https://www.reversemode.com/2022/01/finding-vulnerabilities-in-swiss-posts.html?m=1#AttackSurface)
+- [Finding Vulnerabilities In Swiss Posts](https://www.reversemode.com/2022/01/finding-vulnerabilities-in-swiss-posts.html?m=1#AttackSurface)
 
- - [Threat Matrix  CI/CD](https://github.com/rung/threat-matrix-cicd)
+- [Threat Matrix  CI/CD](https://github.com/rung/threat-matrix-cicd)
 
- - [Top 10 CI/CD Security Risks](https://github.com/cider-security-research/top-10-cicd-security-risks)
+- [Top 10 CI/CD Security Risks](https://github.com/cider-security-research/top-10-cicd-security-risks)
 
- - [ECS Fargate Threat Modeling](https://sysdig.com/blog/ecs-fargate-threat-modeling/)
+- [ECS Fargate Threat Modeling](https://sysdig.com/blog/ecs-fargate-threat-modeling/)
 
- - [IETF Trans Threat Analysis](https://datatracker.ietf.org/doc/html/draft-ietf-trans-threat-analysis-16)
-
- - [Secure Password Storage](https://owasp.org/www-pdf-archive//Secure_Password_Storage.pdf)
-
- - [Human Threat Model](https://github.com/JWWeatherman/human_threat_model)
-
- - [Smart Home Threat Model](https://github.com/kkredit/smart-home-threat-model)
 
 ## Threat Model examples
 
@@ -210,6 +197,20 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [Amazon S3](https://controlcatalog.trustoncloud.com/dashboard/aws/s3#Data%20Flow%20Diagram)
 
+- [Playbook for Threat Modeling Medical Devices](https://www.mitre.org/sites/default/files/publications/Playbook-for-Threat-Modeling-Medical-Devices.pdf)
+
+- [Threat Modeling Trinity](https://github.com/juliocesarfort/public-pentesting-reports/blob/master/COMSATS_Islamabad-CyberSecurityLab/Threat_Modeling_Trinity_Wallet.pdf)
+
+- [Threat Modeling Contact Tracing Applications](https://www.linkedin.com/pulse/threat-modeling-contact-tracing-applications-jakub-kaluzny/)
+
+- [Secure Password Storage](https://owasp.org/www-pdf-archive//Secure_Password_Storage.pdf)
+
+- [Human Threat Model](https://github.com/JWWeatherman/human_threat_model)
+
+- [Smart Home Threat Model](https://github.com/kkredit/smart-home-threat-model)
+
+- [IETF Trans Threat Analysis](https://datatracker.ietf.org/doc/html/draft-ietf-trans-threat-analysis-16)
+
 ## Tools
 
 *Tools which helps in threat modelling.*

From 3fbda688923c1d0148e4661d5739f878ee135d64 Mon Sep 17 00:00:00 2001
From: Sivakumar <39010220+ladecruze@users.noreply.github.com>
Date: Wed, 1 Jun 2022 14:28:35 +0530
Subject: [PATCH 6/9] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index c3240ab..7a69734 100644
--- a/README.md
+++ b/README.md
@@ -158,8 +158,6 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [Secure Slack bot an exercise in threat modeling](https://diablohorn.com/2019/11/18/secure-slack-bot-an-exercise-in-threat-modeling/)
 
-- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html)
-
 - [Threat Modeling Process](https://owasp.org/www-community/Threat_Modeling_Process)
  
 - [Developers Guide Securing Mobile Applications](https://www.synopsys.com/content/dam/synopsys/sig-assets/ebooks/developers-guide-securing-mobile-applications-threat-modeling.pdf)
@@ -191,6 +189,8 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [Docker Threat Model](https://cloudsecdocs.com/container_security/theory/threats/docker_threat_model/)
 
+- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html)
+
 - [Container Threat Model](https://github.com/krol3/container-security-checklist#container-threat-model)
 
 - [Account Takeover Threat Model](https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg)

From 7f6bc3b12e2231cdd600a481e2f9e4222be08b92 Mon Sep 17 00:00:00 2001
From: Mohammed A Imran <secfigo@gmail.com>
Date: Wed, 1 Jun 2022 17:01:49 +0800
Subject: [PATCH 7/9] Update README.md

---
 README.md | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 7a69734..14db933 100644
--- a/README.md
+++ b/README.md
@@ -65,6 +65,7 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [Threat Modeling or Whiteboard Hacking training](https://www.toreon.com/threatmodeling/)
 
+- [Kubernetes Threat Modeling](https://learning.oreilly.com/live-events/kubernetes-threat-modeling/0636920055610/0636920059945/)
 
 ## Videos
 
@@ -170,11 +171,15 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [ECS Fargate Threat Modeling](https://sysdig.com/blog/ecs-fargate-threat-modeling/)
 
+- [Kubernetes Attack Trees](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model)
+
 
 ## Threat Model examples
 
 *Threat model examples for reference.*
 
+- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html)
+
 - [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
 
 - [SSL Threat model by Qualys](https://www.ssllabs.com/downloads/SSL_Threat_Model.png)
@@ -183,14 +188,12 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [OWASP Threat Model Cookbook](https://github.com/OWASP/threat-model-cookbook)
 
-- [Kubernetes Threat Model](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model)
+- [Kubernetes Threat Model](https://github.com/kubernetes/sig-security/tree/main/sig-security-external-audit/security-audit-2019/findings)
 
 - [ISO/SAE 21434 Annex G Example](https://github.com/Yakindu/YSA-examples)
 
 - [Docker Threat Model](https://cloudsecdocs.com/container_security/theory/threats/docker_threat_model/)
 
-- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html)
-
 - [Container Threat Model](https://github.com/krol3/container-security-checklist#container-threat-model)
 
 - [Account Takeover Threat Model](https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg)
@@ -233,6 +236,13 @@ Contributions welcome. Add links through pull requests or create an issue to sta
 
 - [Threagile](https://github.com/Threagile/threagile) - Threagile is an open-source toolkit for agile threat modeling
 
+- [TicTaaC](https://github.com/rusakovichma/TicTaaC) - Threat modeling-as-a-Code in a Tick (TicTaaC). Lightweight and easy-to-use Threat modeling solution following DevSecOps principles
+
+- [Threat Modeling Online Game](https://github.com/dehydr8/elevation-of-privilege) - Online version of the Elevation of Privilege and Cornucopia card games. The easy way to get started with threat modeling.
+
+- [Deciduous](https://github.com/rpetrich/deciduous) - A web app that simplifies building attack decision trees. Hosted at https://www.deciduous.app/
+
+
 ### Paid tools
 
 - [Irius risk](https://iriusrisk.com/threat-modeling-tool/) - Iriusrisk is a threat modeling tool with an adaptive questionnaire driven by an expert system which guides the user through straight forward questions about the technical architecture, the planned features and security context of the application.

From a7717cd458ac7372baf78ab766a2ad935c0f404e Mon Sep 17 00:00:00 2001
From: Mohammed A Imran <secfigo@gmail.com>
Date: Wed, 1 Jun 2022 17:04:26 +0800
Subject: [PATCH 8/9] Update README.md

---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/README.md b/README.md
index 14db933..471e1ab 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,13 @@
+<!-- Google Tag Manager -->
+<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
+j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
+'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
+})(window,document,'script','dataLayer','GTM-MQNDKF5');</script>
+<!-- End Google Tag Manager -->
+
+
+
 
 # Awesome Threat Modeling [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)
 

From 432435dde3e4ce1530977a345b32329ddc2626b8 Mon Sep 17 00:00:00 2001
From: Mohammed A Imran <secfigo@gmail.com>
Date: Wed, 1 Jun 2022 17:07:52 +0800
Subject: [PATCH 9/9] Update README.md

---
 README.md | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/README.md b/README.md
index 471e1ab..01e62f6 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,3 @@
-<!-- Google Tag Manager -->
-<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
-new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
-j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
-'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
-})(window,document,'script','dataLayer','GTM-MQNDKF5');</script>
-<!-- End Google Tag Manager -->
-
-
-
-
 # Awesome Threat Modeling [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)
 
 [<img src="images/awesome-threat-modelling.png">](https://www.practical-devsecops.com/devsecops-university/)