Learn more about Threat Modeling

How can I learn about Threat Modeling?

There are lots of threat modeling approaches and tools. Here’s a short list of great resources that will get you headed in the right direction!

• https://www.threatmodelingmanifesto.org/
• https://safecode.org/safecodepublications/tactical-threat-modeling/
• https://www.owasp.org/index.php/Category:Threat_Modeling
• https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html
• https://www.sans.org/top25-software-errors/
• https://learning.oreilly.com/library/view/threat-modeling-designing/9781118810057/
• https://learning.oreilly.com/library/view/threat-modeling/9781492056546/

Are there talks at BlackHat or DEF CON about Threat Modeling?

Yes! A lot of security related talks will touch on some aspects of Threat Modeling. That said there were several talks and workshops specifically around Threat Modeling at BlackHat and DEF CONs in the past. We will update this last when this year’s BlackHat and DEF CON schedules are announced.

BlackHat USA Workshops

• Adam Shostack’s Threat Modeling Intensive
• Advanced Whiteboard Hacking – aka Hands-on Threat Modeling

Diana Initiative

• Threat Modeling in 600 seconds or less (ok, I lied, more like 2,400)

DEF CON

• Blue Team Village: Even my Dad is a Threat Modeler!
• Demo Labs : Control Validation Compass – Threat Modeling Aide & Purple Team Content Repo
• AppSec Village : Hands-on Threat Modeling