1860d2575a
* added read-me * revoked the travis error * added the appseco link * Updated `Rvm` * updated flag * updated the url * updated the old * updated the flags * updated the broken links * added the course * updated Readme * Add practical devsecops logo and update readme.md Co-authored-by: Mohammed A Imran <secfigo@gmail.com> |
||
---|---|---|
images | ||
.travis.yml | ||
Contributing.md | ||
LICENSE | ||
README.md |
Welcome to Awesome Threat Modeling
A curated list of threat modeling resources ( Books, courses - free and paid, videos, tools, tutorials and workshop to practice on ) for learning Threat modeling and initial phases of security review.
Contents
Awesome Threat Modeling Resources
Books
Books on threat modeling
-
Threat Modeling: Designing for Security by Adam Shostack
-
Threat Modeling by Frank Swiderski , Window Snyder
-
Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis by Tony UcedaVelez (Author), Marco M. Morana (Author)
-
Threat Modeling by Matthew J. Coles, Izar Tarandach
Courses
Courses/Training videos on threat modeling
Free
Threat Modeling, or Architectural Risk Analysis by Coursera
Threat Modeling Workshop by Robert Hurlbut
Paid
DevSecOps Expert by Practical DevSecOps
Threat Modeling Fundamentals by Pluralsight
CyberSec First Responder: Threat Detection & Response CFR210 by Stone River eLearning
Learning Threat Modeling for Security Professionals by Adam Shostack
Threat Modeling: Spoofing In Depth by Adam Shostack
Threat Modeling: Tampering in Depth by Adam Shostack
Threat Modeling or Whiteboard Hacking training by Toreon
Videos
Videos talking about Threat modeling
Introduction, Threat Models by MIT OpenCourseWare
Creating a Threat Model using TMT 2016 by Alan B. Watkins
Using Threat Modeling by Synopsys
Threat Modeling in 2019 by Adam Shostack
Threat Modeling Toolkit by Jonathan Marcil
Adaptive Threat Modelling by Aaron Bedra
Threat modeling by Erlend Oftedal
Threat Model Every Story: Practical Continuous Threat Modeling Work for Your Team by Izar Tarandach
Threat Modeling for Secure Software Design by Robert Hurlbut
Fixing Threat Models with OWASP Efforts by Tony UcedaVelez
Designing for Security through Threat Modelling
Unlocking Threat Modeling by Brook Schoenfield
An Agile Approach to Threat Modeling for Securing Open Source Project EdgeX Foundry by Tingyu Zeng
Tutorials and Blogs
Tutorials and blogs which explain threat modeling
What Is Security Threat Modeling? by Lawrence C. Miller, Peter H. Gregory
Threat-modeling CheatSheet By Owasp by OWASP
Threat Modeling in the Enterprise, Part 1: Understanding the Basics by Stiliyana Simeonova
Threat Modeling: What, Why, and How? By Adam Shostack
Threat Modeling for Dummies by Adam Englander
DevSecOps, Threat Modeling and You: Get started using the STRIDE method by Bruno Amaro Almeida
Threat Modeling: The Why, How, When and Which Tools by Debarghya Pandit
Threat-modeling datasheet by Synopsys
Threat Modeling blog by Security Innovation
Threat Modeling: 6 Mistakes You’re Probably Making by Jeff Petters
How to Create a Threat Model for Cloud Infrastructure Security by Pat Cable
Why You Should Care About Threat Modelling by Suresh Marisetty
Benefits of Threat Modeling by Sangita Prajapati
Threat Modeling: a Summary of Available Methods Whitepaper by Nataliya Shevchenko, Timothy A. Chick, Paige O’Riordan, Thomas Patrick Scanlon, PhD, & Carol Woody, PhD
Threat Modelling Toolkit by ThoughtWorks
How to get started with Threat Modeling, before you get hacked by Hackernoon
Thread Modeling tutoria by Geeks For Geeks
How to analyze the security of your application with threat modeling by Goran Aviani
Tactical Threat Modeling by SafeCode
The Power of a Tailored Threat Model Whitepaper by Looking Glass
7 Easy Steps For Building a Scalable Threat Modeling Process by Threatmodeler
Where is my Threat Model? by Abhisek Datta
Tools
Tools which helps in threat modelling
Free tools
OWASP Threat Dragon - An online threat modelling web application including system diagramming and a rule engine to auto-generate threats/mitigations.
Microsoft Threat Modeling Tool - Microsoft Threat Modeling Tool 2016 is a tool that helps in finding threats in the design phase of software projects.
Owasp-threat-dragon-gitlab - This project is a fork of the original OWASP Threat Dragon web application by Mike Goodwin with Gitlab integration instead of Github. You can use it with the Gitlab.com or your own instance of Gitlab.
raindance - Project intended to make Attack Maps part of software development by reducing the time it takes to complete them
threatspec - Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process.
Paid tools
Irius risk - Iriusrisk is a threat modeling tool with an adaptive questionnaire driven by an expert system which guides the user through straight forward questions about the technical architecture, the planned features and security context of the application.
SD elements - Automate Threat Modeling with SD Elements
Foreseeti - SecuriCAD Vanguard is an attack simulation and automated threat modeling SaaS service that enables you to automatically simulate attacks on a virtual model of your AWS environment.
Contributing
Please refer the guidelines at contributing.md for details.