- added Video: [ISO/SAE 21434 by Example](https://youtu.be/3LsNx-ljIK8?t=1180)
- added example: [ISO/SAE 21434 Annex G Example in YAKINDU Security Analyst](https://github.com/Yakindu/YSA-examples)
- added paid tool: [YAKINDU Security Analyst](https://www.itemis.com/de/yakindu/security-analyst/) - YAKINDU Security Analyst is a model-based software tool for threat analysis and risk assessment of technical systems. With Security Analyst you can identify your protection needs, analyze possible threats and calculate the resulting risks. The underlying assessment model and calculation logic are highly customizable and can be integrated into existing toolchains.

disclaimer: I'm a developer of it and speaker in that talk
Awesome Threat Modeling
A curated list of threat modeling resources (books, free and paid courses, videos, tools, tutorials, and workshops to practice on) for learning threat modeling and the initial phases of security review.
Contributions welcome. Add links through pull requests or create an issue to start a discussion.
Contents
Books
Books on threat modeling.
Courses
Courses/Training videos on threat modeling.
Free
Paid
Videos
Videos talking about threat modeling.
- Threat Model Every Story: Practical Continuous Threat Modeling Work for Your Team
- An Agile Approach to Threat Modeling for Securing Open Source Project EdgeX Foundry
Tutorials and Blogs
Tutorials and blogs that explain threat modeling.
- DevSecOps, Threat Modeling and You: Get started using the STRIDE method
- How to Create a Threat Model for Cloud Infrastructure Security
- How to get started with Threat Modeling, before you get hacked
- How to analyze the security of your application with threat modeling
- 7 Easy Steps For Building a Scalable Threat Modeling Process
Threat Model examples
Threat model examples for reference.
Tools
Tools that help with threat modelling.
Free tools
- OWASP Threat Dragon - An online threat modelling web application including system diagramming and a rule engine to auto-generate threats/mitigations.
- Microsoft Threat Modeling Tool - Microsoft Threat Modeling Tool 2016 is a tool that helps in finding threats in the design phase of software projects.
- Owasp-threat-dragon-gitlab - This project is a fork of the original OWASP Threat Dragon web application by Mike Goodwin with GitLab integration instead of GitHub. You can use it with GitLab.com or your own instance of GitLab.
- Raindance - Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.
- Threatspec - Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process.
- PyTM - PyTM is an open source project providing a library for threat modeling with code. Describe your system using OO syntax (object.property = value) and have your threat modeling report automatically generated.
Paid tools
- IriusRisk - IriusRisk is a threat modeling tool with an adaptive questionnaire driven by an expert system which guides the user through straightforward questions about the technical architecture, the planned features and security context of the application.
- SD Elements - Automate Threat Modeling with SD Elements.
- Foreseeti - SecuriCAD Vanguard is an attack simulation and automated threat modeling SaaS service that enables you to automatically simulate attacks on a virtual model of your AWS environment.
- YAKINDU Security Analyst - YAKINDU Security Analyst is a model-based software tool for threat analysis and risk assessment of technical systems. With Security Analyst you can identify your protection needs, analyze possible threats and calculate the resulting risks. The underlying assessment model and calculation logic are highly customizable and can be integrated into existing toolchains.
Sponsor
Contributing
Please refer to the guidelines at contributing.md for details.