| images | ||
| .travis.yml | ||
| Contributing.md | ||
| Dockerfile | ||
| LICENSE | ||
| README.md | ||
Awesome Threat Modeling 
A curated list of threat modeling resources ( Books, courses - free and paid, videos, tools, tutorials and workshop to practice on ) for learning Threat modeling and initial phases of security review.
Contributions welcome. Add links through pull requests or create an issue to start a discussion.
Contents
- Books
- Courses +Free +Paid
- Videos
- Tutorials and Blogs
- Threat Model examples
- Tools +Free tools +Paid tools
- Contributing
- License
- Sponsor
Books
Books on threat modeling
-Threat Modeling: Designing for Security by Adam Shostack
-Threat Modeling by Frank Swiderski, Window Snyder
-Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis by Tony UcedaVelez (Author), Marco M. Morana (Author)
-Threat Modeling by Matthew J. Coles, Izar Tarandach
Courses
Courses/Training videos on threat modeling
Free
-Threat Modeling, or Architectural Risk Analysis by Coursera
-Threat Modeling Workshop by Robert Hurlbut
Paid
-DevSecOps Expert by Practical DevSecOps
-Threat Modeling Fundamentals by Pluralsight
-CyberSec First Responder: Threat Detection & Response CFR210 by Stone River eLearning
-Learning Threat Modeling for Security Professionals by Adam Shostack
-Threat Modeling: Spoofing In Depth by Adam Shostack
-Threat Modeling: Tampering in Depth by Adam Shostack
-Threat Modeling or Whiteboard Hacking training by Toreon
Videos
Videos talking about Threat modeling
-Introduction, Threat Models by -MIT OpenCourseWare
-Creating a Threat Model using TMT 2016 by Alan B. Watkins
-Using Threat Modeling by Synopsys
-Threat Modeling in 2019 by Adam Shostack
-Threat Modeling Toolkit by Jonathan Marcil
-Adaptive Threat Modelling by Aaron Bedra
-Threat modeling by Erlend Oftedal
-Threat Model Every Story: Practical Continuous Threat Modeling Work for Your Team by Izar Tarandach
-Threat Modeling for Secure Software Design by Robert Hurlbut
-Fixing Threat Models with OWASP Efforts by Tony UcedaVelez
-Designing for Security through Threat Modelling
-Unlocking Threat Modeling by Brook Schoenfield
-An Agile Approach to Threat Modeling for Securing Open Source Project EdgeX Foundry by Tingyu Zeng
Tutorials and Blogs
Tutorials and blogs that explain threat modeling
-Threat Modeling: What, Why, and How? By Adam Shostack
-Threat Modeling: 12 Available Methods By Carnegie Mellon University
-What Is Security Threat Modeling? by Lawrence C. Miller, Peter H. Gregory
-Threat-modeling CheatSheet By Owasp by OWASP
-Threat Modeling in the Enterprise, Part 1: Understanding the Basics by Stiliyana Simeonova
-Approachable threat modeling by
-Threat Modeling for Dummies by Adam Englander
-DevSecOps, Threat Modeling and You: Get started using the STRIDE method by Bruno Amaro Almeida
-Threat Modeling: The Why, How, When and Which Tools by Debarghya Pandit
-Threat-modeling datasheet by Synopsys
-Threat Modeling blog by Security Innovation
-Threat Modeling: 6 Mistakes You are Probably Making by Jeff Petters
-How to Create a Threat Model for Cloud Infrastructure Security by Pat Cable
-Why You Should Care About Threat Modelling by Suresh Marisetty
-Benefits of Threat Modeling by Sangita Prajapati
-Threat Modeling: a Summary of Available Methods Whitepaper by Nataliya Shevchenko, Timothy A. Chick, Paige O'Riordan, Thomas Patrick Scanlon, PhD, & Carol Woody, PhD
-Threat Modelling Toolkit by ThoughtWorks
-How to get started with Threat Modeling, before you get hacked by Hackernoon
-Thread Modeling tutorial by Geeks For Geeks
-How to analyze the security of your application with threat modeling by Goran Aviani
-Tactical Threat Modeling by SafeCode
-The Power of a Tailored Threat Model Whitepaper by Looking Glass
-7 Easy Steps For Building a Scalable Threat Modeling Process by Threatmodeler
-Where is my Threat Model? by Abhisek Datta
Threat Model examples
-SSL Threat model by Qualys
-DNS Security: Threat Modeling DNSSEC, DoT, and DoH by Jan Schaumann
-Email Encryption Gateway Threat model by NCC Group
Tools
Tools which helps in threat modelling
Free tools
-OWASP Threat Dragon - An online threat modelling web application including system diagramming and a rule engine to auto-generate threats/mitigations.
-Microsoft Threat Modeling Tool - Microsoft Threat Modeling Tool 2016 is a tool that helps in finding threats in the design phase of software projects.
-Owasp-threat-dragon-gitlab - This project is a fork of the original OWASP Threat Dragon web application by Mike Goodwin with Gitlab integration instead of GitHub. You can use it with the Gitlab.com or your own instance of Gitlab.
-Raindance - Project intended to make Attack Maps part of software development by reducing the time it takes to complete them
-Threatspec - Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process.
Paid tools
-Irius risk - Iriusrisk is a threat modeling tool with an adaptive questionnaire driven by an expert system which guides the user through straight forward questions about the technical architecture, the planned features and security context of the application.
-SD elements - Automate Threat Modeling with SD Elements
-Foreseeti - SecuriCAD Vanguard is an attack simulation and automated threat modeling SaaS service that enables you to automatically simulate attacks on a virtual model of your AWS environment.
Contributing
Please refer the guidelines at contributing.md for details.
License
Sponsor
