From 7f6bc3b12e2231cdd600a481e2f9e4222be08b92 Mon Sep 17 00:00:00 2001 From: Mohammed A Imran Date: Wed, 1 Jun 2022 17:01:49 +0800 Subject: [PATCH] Update README.md --- README.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7a69734..14db933 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,7 @@ Contributions welcome. Add links through pull requests or create an issue to sta - [Threat Modeling or Whiteboard Hacking training](https://www.toreon.com/threatmodeling/) +- [Kubernetes Threat Modeling](https://learning.oreilly.com/live-events/kubernetes-threat-modeling/0636920055610/0636920059945/) ## Videos @@ -170,11 +171,15 @@ Contributions welcome. Add links through pull requests or create an issue to sta - [ECS Fargate Threat Modeling](https://sysdig.com/blog/ecs-fargate-threat-modeling/) +- [Kubernetes Attack Trees](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model) + ## Threat Model examples *Threat model examples for reference.* +- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html) + - [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819) - [SSL Threat model by Qualys](https://www.ssllabs.com/downloads/SSL_Threat_Model.png) 
@@ -183,14 +188,12 @@ Contributions welcome. Add links through pull requests or create an issue to sta - [OWASP Threat Model Cookbook](https://github.com/OWASP/threat-model-cookbook) -- [Kubernetes Threat Model](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model) +- [Kubernetes Threat Model](https://github.com/kubernetes/sig-security/tree/main/sig-security-external-audit/security-audit-2019/findings) - [ISO/SAE 21434 Annex G Example](https://github.com/Yakindu/YSA-examples) - [Docker Threat Model](https://cloudsecdocs.com/container_security/theory/threats/docker_threat_model/) -- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html) - - [Container Threat Model](https://github.com/krol3/container-security-checklist#container-threat-model) - [Account Takeover Threat Model](https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg) 
@@ -233,6 +236,13 @@ Contributions welcome. Add links through pull requests or create an issue to sta - [Threagile](https://github.com/Threagile/threagile) - Threagile is an open-source toolkit for agile threat modeling +- [TicTaaC](https://github.com/rusakovichma/TicTaaC) - Threat modeling-as-a-Code in a Tick (TicTaaC). Lightweight and easy-to-use Threat modeling solution following DevSecOps principles + +- [Threat Modeling Online Game](https://github.com/dehydr8/elevation-of-privilege) - Online version of the Elevation of Privilege and Cornucopia card games. The easy way to get started with threat modeling. + +- [Deciduous](https://github.com/rpetrich/deciduous) - A web app that simplifies building attack decision trees. Hosted at https://www.deciduous.app/ + + ### Paid tools - [Irius risk](https://iriusrisk.com/threat-modeling-tool/) - Iriusrisk is a threat modeling tool with an adaptive questionnaire driven by an expert system which guides the user through straight forward questions about the technical architecture, the planned features and security context of the application.
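Review bot: In the `@@ -65,6 +65,7 @@` hunk, the added "Kubernetes Threat Modeling" entry points at a `learning.oreilly.com/live-events/...` URL with two numeric ids in the path, which reads like a link to one scheduled session rather than a stable course page. Prefer a landing page that will outlive the session, or say in the entry text that it is a live event on O'Reilly's learning platform so readers know what to expect before clicking.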
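Review bot: In the `@@ -170,11 +171,15 @@` hunk, the new "Kubernetes Attack Trees" entry reuses the `cncf/financial-user-group/.../k8s-threat-model` URL that the following hunk removes from the "Kubernetes Threat Model" entry, and the same hunk also moves the DNS Security entry to the top of "Threat Model examples". The subject line "Update README.md" explains neither change. State in the commit message that the CNCF link was relabelled and moved, and either drop the DNS reorder or mention it, so the removal further down is not read as a lost link.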
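Review bot: In the `@@ -183,14 +188,12 @@` hunk, the "Kubernetes Threat Model" label is kept while its target changes to `kubernetes/sig-security/.../security-audit-2019/findings`, so the entry no longer tells the reader that it leads to the findings directory of the 2019 external audit. Put the source and year in the link text, for example "Kubernetes Threat Model (2019 external security audit findings)", so the age and scope of the material are visible in the list.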
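Review bot: In the `@@ -233,6 +236,13 @@` hunk, the three added tool entries are formatted inconsistently with each other: the Deciduous line ends in a bare URL ("Hosted at https://www.deciduous.app/") instead of a markdown link, the TicTaaC description has no closing period while the "Threat Modeling Online Game" one does, and two blank lines are added before `### Paid tools`. Wrap the hosted URL as a link, pick one punctuation style for the descriptions, and drop the extra blank line.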