mirror of
https://github.com/hysnsec/awesome-threat-modelling.git
synced 2024-10-01 08:25:38 -04:00
Update README.md
This commit is contained in:
parent
3fbda68892
commit
7f6bc3b12e
16
README.md
16
README.md
@ -65,6 +65,7 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
|||||||
|
|
||||||
- [Threat Modeling or Whiteboard Hacking training](https://www.toreon.com/threatmodeling/)
|
- [Threat Modeling or Whiteboard Hacking training](https://www.toreon.com/threatmodeling/)
|
||||||
|
|
||||||
|
- [Kubernetes Threat Modeling](https://learning.oreilly.com/live-events/kubernetes-threat-modeling/0636920055610/0636920059945/)
|
||||||
|
|
||||||
## Videos
|
## Videos
|
||||||
|
|
||||||
@ -170,11 +171,15 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
|||||||
|
|
||||||
- [ECS Fargate Threat Modeling](https://sysdig.com/blog/ecs-fargate-threat-modeling/)
|
- [ECS Fargate Threat Modeling](https://sysdig.com/blog/ecs-fargate-threat-modeling/)
|
||||||
|
|
||||||
|
- [Kubernetes Attack Trees](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model)
|
||||||
|
|
||||||
|
|
||||||
## Threat Model examples
|
## Threat Model examples
|
||||||
|
|
||||||
*Threat model examples for reference.*
|
*Threat model examples for reference.*
|
||||||
|
|
||||||
|
- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html)
|
||||||
|
|
||||||
- [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
|
- [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
|
||||||
|
|
||||||
- [SSL Threat model by Qualys](https://www.ssllabs.com/downloads/SSL_Threat_Model.png)
|
- [SSL Threat model by Qualys](https://www.ssllabs.com/downloads/SSL_Threat_Model.png)
|
||||||
@ -183,14 +188,12 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
|||||||
|
|
||||||
- [OWASP Threat Model Cookbook](https://github.com/OWASP/threat-model-cookbook)
|
- [OWASP Threat Model Cookbook](https://github.com/OWASP/threat-model-cookbook)
|
||||||
|
|
||||||
- [Kubernetes Threat Model](https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model)
|
- [Kubernetes Threat Model](https://github.com/kubernetes/sig-security/tree/main/sig-security-external-audit/security-audit-2019/findings)
|
||||||
|
|
||||||
- [ISO/SAE 21434 Annex G Example](https://github.com/Yakindu/YSA-examples)
|
- [ISO/SAE 21434 Annex G Example](https://github.com/Yakindu/YSA-examples)
|
||||||
|
|
||||||
- [Docker Threat Model](https://cloudsecdocs.com/container_security/theory/threats/docker_threat_model/)
|
- [Docker Threat Model](https://cloudsecdocs.com/container_security/theory/threats/docker_threat_model/)
|
||||||
|
|
||||||
- [DNS Security: Threat Modeling DNSSEC, DoT, and DoH](https://www.netmeister.org/blog/doh-dot-dnssec.html)
|
|
||||||
|
|
||||||
- [Container Threat Model](https://github.com/krol3/container-security-checklist#container-threat-model)
|
- [Container Threat Model](https://github.com/krol3/container-security-checklist#container-threat-model)
|
||||||
|
|
||||||
- [Account Takeover Threat Model](https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg)
|
- [Account Takeover Threat Model](https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg)
|
||||||
@ -233,6 +236,13 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
|||||||
|
|
||||||
- [Threagile](https://github.com/Threagile/threagile) - Threagile is an open-source toolkit for agile threat modeling
|
- [Threagile](https://github.com/Threagile/threagile) - Threagile is an open-source toolkit for agile threat modeling
|
||||||
|
|
||||||
|
- [TicTaaC](https://github.com/rusakovichma/TicTaaC) - Threat modeling-as-a-Code in a Tick (TicTaaC). Lightweight and easy-to-use Threat modeling solution following DevSecOps principles
|
||||||
|
|
||||||
|
- [Threat Modeling Online Game](https://github.com/dehydr8/elevation-of-privilege) - Online version of the Elevation of Privilege and Cornucopia card games. The easy way to get started with threat modeling.
|
||||||
|
|
||||||
|
- [Deciduous](https://github.com/rpetrich/deciduous) - A web app that simplifies building attack decision trees. Hosted at https://www.deciduous.app/
|
||||||
|
|
||||||
|
|
||||||
### Paid tools
|
### Paid tools
|
||||||
|
|
||||||
- [Irius risk](https://iriusrisk.com/threat-modeling-tool/) - Iriusrisk is a threat modeling tool with an adaptive questionnaire driven by an expert system which guides the user through straight forward questions about the technical architecture, the planned features and security context of the application.
|
- [Irius risk](https://iriusrisk.com/threat-modeling-tool/) - Iriusrisk is a threat modeling tool with an adaptive questionnaire driven by an expert system which guides the user through straight forward questions about the technical architecture, the planned features and security context of the application.
|
||||||
|
Loading…
Reference in New Issue
Block a user