threat-modeling

There are 25 repositories under threat-modeling topic.

• veeral-patel / how-to-secure-anything

  How to systematically secure anything: a repository about security engineering

  secure-designsecure-systemssecuritysecurity-architecturesecurity-assurancesecurity-engineeringthreat-modeling
  10180
• Security-101

  microsoft / Security-101

  8 Lessons, Kick-start Your Cybersecurity Learning.

  appseccia-triaddata-protectiondata-securityiamidentityrisk-managementsecopssecuritythreat-modelingzero-trust
  Language:HTML 5858
• awesome-threat-modelling

  hysnsec / awesome-threat-modelling

  A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

  appsecawesomeawesome-listdevsecopsdevsecops-universitypractical-devsecopssecurity-reviewthreat-modeling
  Language:Dockerfile 1659

• OWASP / threat-dragon

  An open source threat modeling tool from OWASP

  threat-modelingsdlcowaspowasp-threat-dragonthreat-dragon
  Language:JavaScript 1201

• OWASP / pytm

  A Pythonic framework for threat modeling

  data-flow-diagramsequence-diagramdfdpythonic-frameworkthreatsthreat-modelingthreat-modeling-from-codesecure-developmentdiagramdataflow
  Language:Python 1058

• michenriksen / drawio-threatmodeling

  Draw.io libraries for threat modeling diagrams

  drawiothreat-modelingdata-flow-diagramattack-treesdiagrammingsdldfd
  777
• threagile

  Threagile / threagile

  Agile Threat Modeling Toolkit

  devsecopsagilesecurityarchitectureinfosecthreagilecicdrisk-analysisrisk-managementthreat-modeling
  Language:Go 708

• awslabs / threat-composer

  A simple threat modeling tool to help humans to reduce time-to-value when threat modeling

  threat-modelingthreatmodelingthreatmodellingthreat-modeling-toolthreat-modelling-toolvscode-extension
  Language:TypeScript 635

• TalEliyahu / Threat_Model_Examples

  A collection of real-world threat model examples across various technologies, providing practical insights into identifying and mitigating security risks.

  risk-assessmentthreatthreat-analysisthreat-modelingcybersecurity
  461

• OWASP / threat-model-cookbook

  This project is about creating and publishing threat model examples.

  appsecthreat-modelthreat-modelingthreat-modellingthreat-models
  Language:Python 427

• Autodesk / continuous-threat-modeling

  A Continuous Threat Modeling methodology

  application-securitysecure-developmentthreat-modeling
  327
• gram

  klarna-incubator / gram

  Gram is Klarna's own threat model diagramming tool

  appseccybersecurityinfosecthreat-modeling
  Language:TypeScript 325

• sapphirex00 / Threat-Hunting

  Personal compilation of APT malware from whitepaper releases, documents and own research

  threat-huntingthreat-intelligencethreat-sharingthreat-modelingcollectionmalwaremalware-analysismalware-researchyara-rulesmalware-detection
  265
• Agent-Wiz

  Repello-AI / Agent-Wiz

  A CLI tool for threat modeling and visualizing AI agents built using popular frameworks like LangGraph, AutoGen, CrewAI, and more.

  agentagentic-aiaiai-agentsautogencrewailangraphllama-indexn8nopenaiopenai-agents-sdkpydanticsecurity-toolsswarmthreat-modelinghacktoberfesthacktoberfest2025
  Language:Python 254

• iriusrisk / OpenThreatModel

  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.

  cyber-securitycybersecurityopen-sourceopensourcethreat-modeling
  177

• 0xsha / sweetie-data

  This repo contains logstash of various honeypots

  data-sciencedatasethoneypotlogstashmalware-researchsamplesthreat-intelligencethreat-modelingthreatintel
  174

• AzureArchitecture / threat-model-templates

  Templates for the Microsoft Threat Modeling Tool

  threat-modelthreat-modelingstridesecuritysdlattackcybersecurityfabricmitremitre-attackpurview
  172

• cairis-platform / cairis

  Computer Aided Integration of Requirements and Information Security - Server

  securityusabilityusability-usable-securitypersonasrequirementsrequirements-managementrisk-analysisrisk-modelsarchitectural-patternsarchitecturecairisuxpythonmysqlgraphvizthreat-modelingattack-patterns
  Language:Python 165

• awslabs / threat-designer

  Threat Designer is a GenerativeAI application designed to automate and streamline the threat modeling process for secure system design.

  cybersecuritygenerativeaithreat-modelingagentic-aiappsecdevsecopsthreatmodelingthreat-modeling-toolthreatmodelling
  Language:JavaScript 158

• yevh / TaaC-AI

  AI-driven Threat modeling-as-a-Code (TaaC-AI)

  aiapplication-securityclaude-3devsecopsgptgpt-3gpt-4llm-securitymistral-7bsecure-developmenttaacthreatthreat-modelingthreat-modeling-from-codethreat-modeling-toolthreat-models
  Language:HTML 151

• dehydr8 / elevation-of-privilege

  An online multiplayer version of the Elevation of Privilege (EoP) threat modeling card game

  threat-modelingstrideboardgame-iothreat-dragoneopcard-game
  Language:JavaScript 147

• Karneades / awesome-security-card-games

  A curated list of security card games.

  application-securityawesomeawesome-listcard-gamecryptographyeducationeducational-gameincident-responsethreat-modeling
  139

• redshiftzero / awesome-threat-modeling

  a curated list of useful threat modeling resources

  threat-modelingsecurityrisk-assessment
  139
• ThreatIntel-Reports

  mthcht / ThreatIntel-Reports

  Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports

  aptcticyber-threat-intelligencemalware-analysismalware-analysis-reportsmalware-researchthreat-analysisthreat-huntingthreat-intelligencethreat-modelingthreatintel
  Language:Python 137

• Kwangsa19 / Ketmanto-Cybersecurity-Portfolio

  I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump, IDS (Suricata), SIEM (Splunk, Chronicle), and Python automation.

  cybersecurityincident-responselinuxpythonsecuritysecurity-auditsecurity-automationsqlthreat-modelingchroniclesplunksuricatatcpdumpwiresharkescalationnistplaybooksiempastaids
  Language:Jupyter Notebook 124

• nutonomy / AVCDL

  This repository contains material related to A Versatile Cybersecurity Development Lifecycle (AVCDL)

  avcdldevelopment-lifecyclecybersecurityautonomous-vehiclesautomotive-securityfuzz-testingpenetration-testingthreat-modelingattack-surface-analysisiso-24089iso-sae-21434threat-prioritizationun-r155un-r156
  112

• tidalcyber / cyber-threat-profiling

  A library of reference materials, tools, and other resources to aid threat profiling, threat quantification, and cyber adversary defense

  adversarial-attackscybersecuritypurpleteamransomwareriskthreat-intelligencethreat-modeling
  98

• paulveillard / cybersecurity-red-team

  An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Red Team (Offensive) in Cybersecurity.

  red-teamred-teamingblue-teamred-teamscybersecuritysecurity-toolssecurity-vulnerability-assessmenttechnical-analysispenetration-testingpenetration-resistance-modelingthreat-intelligencethreat-modeling
  97

• 3CORESec / S2AN

  S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

  mitre-attacksigmasigma-rulessuricatasuricata-rulesthreat-huntingthreat-modeling
  Language:C# 89

• CloudDefenseAI / falco_extended_rules

  Curating Falco rules with MITRE ATT&CK Matrix

  cloudsecuritydevopsdevsecopskuberentessecuritycnappcspmsecurity-toolsthreat-analysisvulnerability-detectionvulnerability-scannersfalcomalwarethreatthreat-modelingcontainer-securitykubernetes-securitymalware-analysisworkload-securityzero-day
  Language:Python 84

• OWASP / cornucopia

  The source files and tools needed to build the OWASP Cornucopia decks in various languages

  gamificationthreat-modelingappseccard-gamescardgamegamesgameserverowasprequirements-analysis
  Language:Elixir 82

• TNG / elevation-of-privilege

  An online multiplayer version of the threat modeling card games: Elevation of Privilege (EoP), OWASP Cornucopia, OWASP Cumulus, and Elevation of MLsec.

  cornucopiacumuluselevation-of-privilegeeopmlsecowaspsecuritysecurity-toolsthreat-modeling
  Language:TypeScript 79

• OWASP / threat-dragon-desktop

  Desktop variant of OWASP Threat Dragon

  threat-modelingsdlcowaspowasp-threat-dragonthreat-dragon
  78

• mllamazares / STRIDE-vs-ASVS

  🖇️ STRIDE vs. ASVS equivalence table

  asvssecurity-requirementsstridethreat-modelingcybersecurityowaspsecurity
  76

• nxenon / DevSecOps

  ♾️ Collection of DevSecOps Notes + Resources + Courses + Tools

  devsecopsdevsecops-best-practicessdlcsecure-developmentdevsecops-notesdevsecops-resourcesiastsastsbomsecret-managementsecure-codingsoftware-bill-of-materialsoftware-composition-analysisthreat-modelthreat-modelingstatic-analysis-security-testingdefectdojodependency-track
  Language:Python 69

• rusakovichma / TicTaaC

  Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no any external dependencies except for chart plotting are used

  threat-modelingthreat-modeling-toolapplication-securitythreat-modelsthreat-modeling-from-codethreat-modelthreatsecure-developmentappsecdevsecops
  Language:Java 66