A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Go to file
Mohammed A Imran 221ace2ff4
Add PDSO link (#4)
* Add PDSO link

* Make the image full width

* Add new image

* Add link to PDSO University
2020-01-07 16:01:54 +08:00
images Add PDSO link (#4) 2020-01-07 16:01:54 +08:00
.travis.yml Add Threat modelling content to the README.md (#1) 2019-12-29 22:10:38 +08:00
Contributing.md Add Threat modelling content to the README.md (#1) 2019-12-29 22:10:38 +08:00
Dockerfile Add Threat model examples (#2) 2020-01-06 20:25:22 +08:00
LICENSE Initial commit 2019-12-29 14:30:52 +08:00
README.md Add PDSO link (#4) 2020-01-07 16:01:54 +08:00

Awesome Threat Modeling Awesome

A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshop to practice on) for learning Threat modeling and initial phases of security review.

Contributions welcome. Add links through pull requests or create an issue to start a discussion.

Contents

Books

Books on threat modeling.

Courses

Courses/Training videos on threat modeling.

Free

Paid

Videos

Videos talking about Threat modeling.

Tutorials and Blogs

Tutorials and blogs that explain threat modeling

Threat Model examples

Threat model examples for reference.

Tools

Tools which helps in threat modelling.

Free tools

  • OWASP Threat Dragon - An online threat modelling web application including system diagramming and a rule engine to auto-generate threats/mitigations.

  • Microsoft Threat Modeling Tool - Microsoft Threat Modeling Tool 2016 is a tool that helps in finding threats in the design phase of software projects.

  • Owasp-threat-dragon-gitlab - This project is a fork of the original OWASP Threat Dragon web application by Mike Goodwin with Gitlab integration instead of GitHub. You can use it with the Gitlab.com or your own instance of Gitlab.

  • Raindance - Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.

  • Threatspec - Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process.

Paid tools

  • Irius risk - Iriusrisk is a threat modeling tool with an adaptive questionnaire driven by an expert system which guides the user through straight forward questions about the technical architecture, the planned features and security context of the application.

  • SD elements - Automate Threat Modeling with SD Elements.

  • Foreseeti - SecuriCAD Vanguard is an attack simulation and automated threat modeling SaaS service that enables you to automatically simulate attacks on a virtual model of your AWS environment.

Sponsor

Practical DevSecOps

Contributing

Please refer the guidelines at contributing.md for details.