mirror of
https://github.com/hysnsec/awesome-threat-modelling.git
synced 2024-10-01 08:25:38 -04:00
Merge branch 'master' into patch-1
commit
ffb18e21ca
28
README.md
@ -8,6 +8,7 @@ A curated list of threat modeling resources (books, courses - free and paid, vid
|
||||
Contributions welcome. Add links through pull requests or create an issue to start a discussion.
|
||||
|
||||
## Contents
|
||||
- [Fundamentals](#fundamentals)
|
||||
- [Books](#books)
|
||||
- [Courses](#courses)
|
||||
- [Videos](#videos)
|
||||
@ -16,6 +17,12 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
||||
- [Tools](#tools)
|
||||
- [Sponsor](#sponsor)
|
||||
|
||||
|
||||
## Fundamentals
|
||||
|
||||
- [The Threat Modeling Manifesto](https://www.threatmodelingmanifesto.org)
|
||||
|
||||
|
||||
## Books
|
||||
|
||||
*Books on threat modeling.*
|
||||
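Review bot: The Fundamentals section has no italic one-line description under its heading, unlike `## Books` directly below it, which opens with `*Books on threat modeling.*`. Add a matching line under `## Fundamentals` so the new section follows the same pattern, and collapse the doubled blank lines around the heading to the single blank line used elsewhere.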
@ -26,7 +33,7 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
||||
|
||||
- [Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis](https://www.amazon.in/Risk-Centric-Threat-Modeling-Simulation/dp/0470500964)
|
||||
|
||||
- [Threat Modeling](https://www.oreilly.com/library/view/threat-modeling/9781492056546/)
|
||||
- [Threat Modeling: A Practical Guide for Development Teams](https://www.oreilly.com/library/view/threat-modeling/9781492056546/)
|
||||
|
||||
|
||||
## Courses
|
||||
@ -39,6 +46,7 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
||||
- [Threat Modeling, or Architectural Risk Analysis by Coursera](https://www.coursera.org/lecture/software-security/threat-modeling-or-architectural-risk-analysis-bQAoU)
|
||||
|
||||
- [Threat Modeling Workshop by Robert Hurlbut](https://github.com/rhurlbut/CodeMash2019/blob/master/Robert-Hurlbut-CodeMash2019-Threat-Modeling-Workshop-20190108.pdf)
|
||||
- [Rapid Threat Model Prototyping (RTMP)](https://github.com/geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs) - Methodology to create quick threat models (1) add threat metadata describing the threats and mitigations directly to software diagrams using 11 simple and repeatable steps (2) integrate these steps into Agile workstreams (3) how to best use the outputs of a threat model (Threats & Mitigations)
|
||||
|
||||
|
||||
### Paid
|
||||
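Review bot: The RTMP entry is filed in the free part of Courses, yet its link is a documentation repository and its text describes a methodology, so Tutorials and Blogs looks like the better home. The description is also a run-on: the numbered items are not parallel ("(3) how to best use the outputs of a threat model") and there is no closing full stop. Shorten it to one sentence in the style of the neighbouring entries.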
@ -92,6 +100,10 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
||||
|
||||
- [ISO/SAE 21434 by Example](https://youtu.be/3LsNx-ljIK8?t=1180)
|
||||
|
||||
- [Introduction to Threat Modeling by Avi Douglen](https://www.youtube.com/watch?v=yjvSI755auM&t=5069s)
|
||||
|
||||
- [Look, there's a threat model in my DevOps](https://www.youtube.com/watch?v=ASwZ7cnz-Q4&ab_channel=Auth0)
|
||||
|
||||
## Tutorials and Blogs
|
||||
|
||||
*Tutorials and blogs that explain threat modeling*
|
||||
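Review bot: The Avi Douglen link ends in `&t=5069s`, so it opens roughly 84 minutes into the video rather than at the start, which is surprising for an entry titled as an introduction. Drop the timestamp unless the talk really begins there, and remove `&ab_channel=Auth0` from the DevOps link, since the video resolves without it.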
@ -128,7 +140,7 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
||||
|
||||
- [Threat Modeling: a Summary of Available Methods Whitepaper](https://resources.sei.cmu.edu/asset_files/WhitePaper/2018_019_001_524597.pdf)
|
||||
|
||||
- [Threat Modelling Toolkit](https://www.owasp.org/images/0/00/Threat_Modelling_-_STRIDE_Cards_-_TW_Branded.pdf)
|
||||
- [Threat Modelling Toolkit](https://owasp.org/www-pdf-archive/Threat_Modelling_-_STRIDE_Cards_-_TW_Branded.pdf)
|
||||
|
||||
- [How to get started with Threat Modeling, before you get hacked](https://hackernoon.com/how-to-get-started-with-threat-modeling-before-you-get-hacked-1bf0ea3310df)
|
||||
|
||||
@ -159,7 +171,7 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
||||
|
||||
- [OWASP Threat Model Cookbook](https://github.com/OWASP/threat-model-cookbook)
|
||||
|
||||
- [Kubernetes Threat Model](https://github.com/kubernetes/community/tree/master/wg-security-audit/findings)
|
||||
- [Kubernetes Threat Model](https://github.com/kubernetes/community/tree/master/sig-security/security-audit-2019/findings)
|
||||
|
||||
- [ISO/SAE 21434 Annex G Example in YAKINDU Security Analyst](https://github.com/Yakindu/YSA-examples)
|
||||
|
||||
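Review bot: The replacement Kubernetes link still points into `tree/master`, the same kind of branch-relative path as the `wg-security-audit` link it replaces. Link to a commit-pinned permalink for `sig-security/security-audit-2019/findings` instead, so the entry survives the next directory reorganisation.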
@ -181,18 +193,18 @@ Contributions welcome. Add links through pull requests or create an issue to sta
|
||||
|
||||
- [Threatspec](https://threatspec.org/) - Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process.
|
||||
|
||||
- [PyTM](https://github.com/izar/pytm) - PyTM is an open source project providing a library for threat modeling with code. Describe your system using OO syntax (object.property = value) and have your threat modeling report automatically generated.
|
||||
- [PyTM](https://github.com/izar/pytm) - PyTM is an open source project providing a library for threat modeling with code. Describe your system using OO syntax (object.property = value) and have your threat modeling report automatically generated. 100+ threats currently supported.
|
||||
|
||||
- [MAL](https://mal-lang.org) - MAL is an open source project that supports creation of cyber threat modeling systems and attack simulations. MAL is one of the underlying technologies of the [Foreseeti](https://www.foreseeti.com) paid tool.
|
||||
|
||||
|
||||
### Paid tools
|
||||
|
||||
- [Irius risk](https://iriusrisk.com/threat-modeling-tool/) - Iriusrisk is a threat modeling tool with an adaptive questionnaire driven by an expert system which guides the user through straight forward questions about the technical architecture, the planned features and security context of the application.
|
||||
|
||||
- [SD elements](https://www.securitycompass.com/sdelements/threat-modeling/) - Automate Threat Modeling with SD Elements.
|
||||
|
||||
- [Foreseeti](https://www.foreseeti.com/) - SecuriCAD Vanguard is an attack simulation and automated threat modeling SaaS service that enables you to automatically simulate attacks on a virtual model of your AWS environment.
|
||||
|
||||
- [YAKINDU Security Analyst](https://www.itemis.com/de/yakindu/security-analyst/) - YAKINDU Security Analyst is a model-based software tool for threat analysis and risk assessment of technical systems. With Security Analyst you can identify your protection needs, analyze possible threats and calculate the resulting risks. The underlying assessment model and calculation logic are highly customizable and can be integrated into existing toolchains.
|
||||
- [Tutamen Threat Model system](https://www.tutamantic.com) - This tool allows threat model metadata to be added to any software diagram, turning that diagram into a threat model. It's simple to use, requires no lock-in license, and is driven by the Common Weakness Enumeration, STRIDE and OWASP Top 10.
|
||||
- [YAKINDU Security Analyst](https://www.itemis.com/de/yakindu/security-analyst/) - YAKINDU Security Analyst is a model-based software tool for threat analysis and risk assessment of technical systems. You can identify your protection needs, analyze possible threats and calculate the resulting risks. The underlying assessment model and calculation logic are highly customizable and can be integrated into existing toolchains.
|
||||
|
||||
## Sponsor
|
||||
|
||||
|
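Review bot: The Tutamen entry sits under `### Paid tools` but reads as vendor copy ("It's simple to use, requires no lock-in license"). Trim it to a neutral statement of what the tool does, as the neighbouring entries do, and state what is paid if the licence claim stays. In the PyTM line, "100+ threats currently supported" is a count that will date, so either drop it or phrase it without "currently".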