www.threatmodelingconnect.com
2600:9000:2057:9400:1a:443b:fb40:93a1
Public Scan
Submitted URL: https://threatmodellingconnect.com/
Effective URL: https://www.threatmodelingconnect.com/
Submission: On March 20 via api from US — Scanned from DE
Form analysis
5 forms found in the DOM
<form>
<div class="search-and-filter-wrapper"><span>
<div class="algolia-search-container" role="combobox" aria-haspopup="listbox" aria-labelledby="downshift-3-label">
<div class="algolia-search-container--empty-input">
<div class="search-box"><input aria-label="Search" type="search" placeholder="Search" autocomplete="off" autocorrect="off" autocapitalize="off" class="search-box__input" aria-autocomplete="list" aria-labelledby="downshift-3-label"
id="downshift-3-input"><button type="submit" aria-label="Enter" class="search-box__submit"><svg aria-hidden="true" width="16" height="16" class="" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<path
d="M15.5 14H14.71L14.43 13.73C15.41 12.59 16 11.11 16 9.5C16 5.91 13.09 3 9.5 3C5.91 3 3 5.91 3 9.5C3 13.09 5.91 16 9.5 16C11.11 16 12.59 15.41 13.73 14.43L14 14.71V15.5L19 20.49L20.49 19L15.5 14ZM9.5 14C7.01 14 5 11.99 5 9.5C5 7.01 7.01 5 9.5 5C11.99 5 14 7.01 14 9.5C14 11.99 11.99 14 9.5 14Z"
fill="currentColor"></path>
</svg></button><button type="reset" aria-label="Clear search" class="search-box__reset" style="opacity: 0;"><svg aria-hidden="true" width="16" height="16" viewBox="0 0 16 16" fill="none" class="">
<path
d="M8.00065 1.33334C4.31398 1.33334 1.33398 4.31334 1.33398 8.00001C1.33398 11.6867 4.31398 14.6667 8.00065 14.6667C11.6873 14.6667 14.6673 11.6867 14.6673 8.00001C14.6673 4.31334 11.6873 1.33334 8.00065 1.33334ZM11.334 10.3933L10.394 11.3333L8.00065 8.94001L5.60732 11.3333L4.66732 10.3933L7.06065 8.00001L4.66732 5.60668L5.60732 4.66668L8.00065 7.06001L10.394 4.66668L11.334 5.60668L8.94065 8.00001L11.334 10.3933Z"
fill="currentColor"></path>
</svg></button></div>
</div>
</div>
</span></div>
</form>
GET /search/index
<form method="get" action="/search/index">
<div>
<div class="search-and-filter-wrapper"><span>
<div class="algolia-search-container" role="combobox" aria-haspopup="listbox" aria-labelledby="downshift-2-label">
<div class="algolia-search-container--empty-input">
<div class="search-box"><input aria-label="Search" type="search" placeholder="Search" autocomplete="off" autocorrect="off" autocapitalize="off" class="search-box__input" aria-autocomplete="list" aria-labelledby="downshift-2-label"
id="downshift-2-input"><button type="submit" aria-label="Enter" class="search-box__submit"><svg aria-hidden="true" width="16" height="16" class="" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<path
d="M15.5 14H14.71L14.43 13.73C15.41 12.59 16 11.11 16 9.5C16 5.91 13.09 3 9.5 3C5.91 3 3 5.91 3 9.5C3 13.09 5.91 16 9.5 16C11.11 16 12.59 15.41 13.73 14.43L14 14.71V15.5L19 20.49L20.49 19L15.5 14ZM9.5 14C7.01 14 5 11.99 5 9.5C5 7.01 7.01 5 9.5 5C11.99 5 14 7.01 14 9.5C14 11.99 11.99 14 9.5 14Z"
fill="currentColor"></path>
</svg></button><button type="reset" aria-label="Clear search" class="search-box__reset" style="opacity: 0;"><svg aria-hidden="true" width="16" height="16" viewBox="0 0 16 16" fill="none" class="">
<path
d="M8.00065 1.33334C4.31398 1.33334 1.33398 4.31334 1.33398 8.00001C1.33398 11.6867 4.31398 14.6667 8.00065 14.6667C11.6873 14.6667 14.6673 11.6867 14.6673 8.00001C14.6673 4.31334 11.6873 1.33334 8.00065 1.33334ZM11.334 10.3933L10.394 11.3333L8.00065 8.94001L5.60732 11.3333L4.66732 10.3933L7.06065 8.00001L4.66732 5.60668L5.60732 4.66668L8.00065 7.06001L10.394 4.66668L11.334 5.60668L8.94065 8.00001L11.334 10.3933Z"
fill="currentColor"></path>
</svg></button></div>
</div>
</div>
</span></div>
</div>
</form>
Name: register — POST /member/register
<form name="register" method="post" action="/member/register" class="form js-ajax-form--registration" novalidate="novalidate">
<div class="js-notification ">
<div class="box box__pad is-hidden">
<ul></ul>
</div>
</div>
<div class="form__row">
<div class="first">
<label data-required="1" class="label required" for="register_user_username"> Username * </label>
</div>
<div class="second">
<input type="text" id="register_user_username" name="register[user][username]" required="required">
</div>
</div>
<div class="form__row">
<div class="first">
<label data-required="1" class="label required" for="register_user_email"> E-mail address * </label>
</div>
<div class="second">
<input type="email" id="register_user_email" name="register[user][email]" required="required">
</div>
</div>
<div class="form__row">
<div class="first">
<label data-required="1" data-private="1" data-private-label="Private" data-private-description="Only you and moderators can see this information" class="label" for="register_customfield_10"> First Name <div data-view="Tooltip"
class="tooltip tooltip--day text--normal">
<span class="text--meta tooltip-trigger js-tooltip-trigger" aria-haspopup="true">(Private)</span>
<div class="tooltip__content tooltip__content--profile js-tooltip-content"><i class="arrow"></i> Only you and moderators can see this information </div>
</div> * </label>
</div>
<div class="second">
<input type="text" id="register_customfield_10" name="register[customfield][10]" data-minchar="" data-maxchar="1000" placeholder=" "
data-labels="{"single":"{n} character left","plural":"{n} characters left"}">
</div>
</div>
<div class="form__row">
<div class="first">
<label data-required="1" data-private="1" data-private-label="Private" data-private-description="Only you and moderators can see this information" class="label" for="register_customfield_11"> Last Name <div data-view="Tooltip"
class="tooltip tooltip--day text--normal">
<span class="text--meta tooltip-trigger js-tooltip-trigger" aria-haspopup="true">(Private)</span>
<div class="tooltip__content tooltip__content--profile js-tooltip-content"><i class="arrow"></i> Only you and moderators can see this information </div>
</div> * </label>
</div>
<div class="second">
<input type="text" id="register_customfield_11" name="register[customfield][11]" data-minchar="" data-maxchar="1000" placeholder=" "
data-labels="{"single":"{n} character left","plural":"{n} characters left"}">
</div>
</div>
<div class="form__row">
<div class="first">
<label data-required="1" data-private="1" data-private-label="Private" data-private-description="Only you and moderators can see this information" class="label" for="register_customfield_5"> Company <div data-view="Tooltip"
class="tooltip tooltip--day text--normal">
<span class="text--meta tooltip-trigger js-tooltip-trigger" aria-haspopup="true">(Private)</span>
<div class="tooltip__content tooltip__content--profile js-tooltip-content"><i class="arrow"></i> Only you and moderators can see this information </div>
</div> * </label>
</div>
<div class="second">
<input type="text" id="register_customfield_5" name="register[customfield][5]" data-minchar="" data-maxchar="1000" placeholder=""
data-labels="{"single":"{n} character left","plural":"{n} characters left"}">
</div>
</div>
<div class="form__row">
<div class="first">
<label data-required="1" class="label" for="register_customfield_16"> Role * </label>
</div>
<div class="second">
<select id="register_customfield_16" name="register[customfield][16]" class="userProfileFieldSelect">
<option value=""></option>
<option value="i_am_a_developer_devops_engineer_or_other_technical_team_member">I am a developer, DevOps engineer, or other technical team member</option>
<option value="i_am_a_security_engineer_security_architect_or_other_security_team_member">I am a security engineer, security architect, or other security team member</option>
<option value="i_am_a_technical_team_leader">I am a technical team leader</option>
<option value="i_am_a_product_manager">I am a product manager</option>
<option value="i_am_a_business_leader">I am a business leader</option>
<option value="i_am_a_cybersecurity_leader">I am a cybersecurity leader</option>
<option value="i_am_a_governance_and_compliance_leader">I am a governance and compliance leader</option>
<option value="i_am_a_student">I am a student</option>
<option value="other">Other</option>
</select>
</div>
</div>
<div class="form__row">
<div class="first">
<label data-required="1" class="label" for="register_customfield_17"> Country * </label>
</div>
<div class="second">
<select id="register_customfield_17" name="register[customfield][17]" class="userProfileFieldSelect">
<option value=""></option>
<option value="aaland_islands_s">Aaland Islands</option>
<option value="afghanistan_s">Afghanistan</option>
<option value="albania_s">Albania</option>
<option value="algeria_s">Algeria</option>
<option value="american_samoa_s">American Samoa</option>
<option value="andorra_s">Andorra</option>
<option value="angola_s">Angola</option>
<option value="anguilla_s">Anguilla</option>
<option value="antarctica_s">Antarctica</option>
<option value="antigua_and_barbuda_s">Antigua And Barbuda</option>
<option value="argentina_s">Argentina</option>
<option value="armenia_s">Armenia</option>
<option value="aruba_s">Aruba</option>
<option value="australia_s">Australia</option>
<option value="austria_s">Austria</option>
<option value="azerbaijan_s">Azerbaijan</option>
<option value="bahamas_s">Bahamas</option>
<option value="bahrain_s">Bahrain</option>
<option value="bangladesh_s">Bangladesh</option>
<option value="barbados_s">Barbados</option>
<option value="belarus_s">Belarus</option>
<option value="belgium_s">Belgium</option>
<option value="belize_s">Belize</option>
<option value="benin_s">Benin</option>
<option value="bermuda_s">Bermuda</option>
<option value="bhutan_s">Bhutan</option>
<option value="bolivia_s">Bolivia</option>
<option value="bosnia_and_herzegowina_s">Bosnia and Herzegowina</option>
<option value="botswana_s">Botswana</option>
<option value="bouvet_island_s">Bouvet Island</option>
<option value="brazil_s">Brazil</option>
<option value="british_indian_ocean_territory_s">British Indian Ocean Territory</option>
<option value="brunei_darussalam_s">Brunei Darussalam</option>
<option value="bulgaria_s">Bulgaria</option>
<option value="burkina_faso_s">Burkina Faso</option>
<option value="burundi_s">Burundi</option>
<option value="cambodia_s">Cambodia</option>
<option value="cameroon_s">Cameroon</option>
<option value="canada_s">Canada</option>
<option value="cape_verde_s">Cape Verde</option>
<option value="cayman_islands_s">Cayman Islands</option>
<option value="central_african_republic_s">Central African Republic</option>
<option value="chad_s">Chad</option>
<option value="chile_s">Chile</option>
<option value="china_s">China</option>
<option value="christmas_island_s">Christmas Island</option>
<option value="cocos_(keeling)_islands_s">Cocos (Keeling) Islands</option>
<option value="colombia_s">Colombia</option>
<option value="comoros_s">Comoros</option>
<option value="congo_s">Congo</option>
<option value="cook_islands_s">Cook Islands</option>
<option value="costa_rica_s">Costa Rica</option>
<option value="cote_d'ivoire_s">Cote D'Ivoire</option>
<option value="croatia_s">Croatia</option>
<option value="cuba_s">Cuba</option>
<option value="cyprus_s">Cyprus</option>
<option value="czech_republic_s">Czech Republic</option>
<option value="denmark_s">Denmark</option>
<option value="djibouti_s">Djibouti</option>
<option value="dominica_s">Dominica</option>
<option value="dominican_republic_s">Dominican Republic</option>
<option value="ecuador_s">Ecuador</option>
<option value="egypt_s">Egypt</option>
<option value="el_salvador_s">El Salvador</option>
<option value="equatorial_guinea_s">Equatorial Guinea</option>
<option value="eritrea_s">Eritrea</option>
<option value="estonia_s">Estonia</option>
<option value="ethiopia_s">Ethiopia</option>
<option value="falkland_islands_(malvinas)_s">Falkland Islands (Malvinas)</option>
<option value="faroe_islands_s">Faroe Islands</option>
<option value="fiji_s">Fiji</option>
<option value="finland_s">Finland</option>
<option value="france_s">France</option>
<option value="french_guiana_s">French Guiana</option>
<option value="french_polynesia_s">French Polynesia</option>
<option value="french_southern_territories_s">French Southern Territories</option>
<option value="gabon_s">Gabon</option>
<option value="gambia_s">Gambia</option>
<option value="georgia_s">Georgia</option>
<option value="germany_s">Germany</option>
<option value="ghana_s">Ghana</option>
<option value="gibraltar_s">Gibraltar</option>
<option value="greece_s">Greece</option>
<option value="greenland_s">Greenland</option>
<option value="grenada_s">Grenada</option>
<option value="guadeloupe_s">Guadeloupe</option>
<option value="guam_s">Guam</option>
<option value="guatemala_s">Guatemala</option>
<option value="guinea_s">Guinea</option>
<option value="guinea-bissau_s">Guinea-Bissau</option>
<option value="guyana_s">Guyana</option>
<option value="haiti_s">Haiti</option>
<option value="honduras_s">Honduras</option>
<option value="hong_kong_s">Hong Kong</option>
<option value="hungary_s">Hungary</option>
<option value="iceland_s">Iceland</option>
<option value="india_s">India</option>
<option value="indonesia_s">Indonesia</option>
<option value="iran_s">Iran</option>
<option value="iraq_s">Iraq</option>
<option value="ireland_s">Ireland</option>
<option value="israel_s">Israel</option>
<option value="italy_s">Italy</option>
<option value="jamaica_s">Jamaica</option>
<option value="japan_s">Japan</option>
<option value="jordan_s">Jordan</option>
<option value="kazakhstan_s">Kazakhstan</option>
<option value="kenya_s">Kenya</option>
<option value="kiribati_s">Kiribati</option>
<option value="kuwait_s">Kuwait</option>
<option value="kyrgyzstan_s">Kyrgyzstan</option>
<option value="laos_s">Laos</option>
<option value="latvia_s">Latvia</option>
<option value="lebanon_s">Lebanon</option>
<option value="lesotho_s">Lesotho</option>
<option value="liberia_s">Liberia</option>
<option value="libya_s">Libya</option>
<option value="liechtenstein_s">Liechtenstein</option>
<option value="lithuania_s">Lithuania</option>
<option value="luxembourg_s">Luxembourg</option>
<option value="macau_s">Macau</option>
<option value="macedonia_s">Macedonia</option>
<option value="madagascar_s">Madagascar</option>
<option value="malawi_s">Malawi</option>
<option value="malaysia_s">Malaysia</option>
<option value="maldives_s">Maldives</option>
<option value="mali_s">Mali</option>
<option value="malta_s">Malta</option>
<option value="marshall_islands_s">Marshall Islands</option>
<option value="martinique_s">Martinique</option>
<option value="mauritania_s">Mauritania</option>
<option value="mauritius_s">Mauritius</option>
<option value="mayotte_s">Mayotte</option>
<option value="mexico_s">Mexico</option>
<option value="micronesia_s">Micronesia</option>
<option value="moldova_s">Moldova</option>
<option value="monaco_s">Monaco</option>
<option value="mongolia_s">Mongolia</option>
<option value="montserrat_s">Montserrat</option>
<option value="morocco_s">Morocco</option>
<option value="mozambique_s">Mozambique</option>
<option value="myanmar_s">Myanmar</option>
<option value="namibia_s">Namibia</option>
<option value="nauru_s">Nauru</option>
<option value="nepal_s">Nepal</option>
<option value="netherlands_s">Netherlands</option>
<option value="netherlands_antilles_s">Netherlands Antilles</option>
<option value="new_caledonia_s">New Caledonia</option>
<option value="new_zealand_s">New Zealand</option>
<option value="nicaragua_s">Nicaragua</option>
<option value="niger_s">Niger</option>
<option value="nigeria_s">Nigeria</option>
<option value="niue_s">Niue</option>
<option value="norfolk_island_s">Norfolk Island</option>
<option value="north_korea_s">North Korea</option>
<option value="northern_mariana_islands_s">Northern Mariana Islands</option>
<option value="norway_s">Norway</option>
<option value="oman_s">Oman</option>
<option value="other_s">Other</option>
<option value="pakistan_s">Pakistan</option>
<option value="palau_s">Palau</option>
<option value="palestina_s">Palestina</option>
<option value="panama_s">Panama</option>
<option value="papua_new_guinea_s">Papua New Guinea</option>
<option value="paraguay_s">Paraguay</option>
<option value="peru_s">Peru</option>
<option value="philippines_s">Philippines</option>
<option value="pitcairn_s">Pitcairn</option>
<option value="poland_s">Poland</option>
<option value="portugal_s">Portugal</option>
<option value="puerto_rico_s">Puerto Rico</option>
<option value="qatar_s">Qatar</option>
<option value="reunion_s">Reunion</option>
<option value="romania_s">Romania</option>
<option value="russian_federation_s">Russian Federation</option>
<option value="rwanda_s">Rwanda</option>
<option value="saint_helena_s">Saint Helena</option>
<option value="saint_kitts_and_nevis_s">Saint Kitts and Nevis</option>
<option value="saint_lucia_s">Saint Lucia</option>
<option value="saint_pierre_and_miquelon_s">Saint Pierre and Miquelon</option>
<option value="saint_vincent_and_the_grenadines_s">Saint Vincent and the Grenadines</option>
<option value="samoa_s">Samoa</option>
<option value="san_marino_s">San Marino</option>
<option value="sao_tome_and_principe_s">Sao Tome and Principe</option>
<option value="saudi_arabia_s">Saudi Arabia</option>
<option value="senegal_s">Senegal</option>
<option value="serbia_and_montenegro_s">Serbia and Montenegro</option>
<option value="seychelles_s">Seychelles</option>
<option value="sierra_leone_s">Sierra Leone</option>
<option value="singapore_s">Singapore</option>
<option value="slovak_republic_s">Slovak Republic</option>
<option value="slovakia_s">Slovakia</option>
<option value="slovenia_s">Slovenia</option>
<option value="solomon_islands_s">Solomon Islands</option>
<option value="somalia_s">Somalia</option>
<option value="south_africa_s">South Africa</option>
<option value="south_korea_s">South Korea</option>
<option value="spain_s">Spain</option>
<option value="sri_lanka_s">Sri Lanka</option>
<option value="sudan_s">Sudan</option>
<option value="suriname_s">Suriname</option>
<option value="swaziland_s">Swaziland</option>
<option value="sweden_s">Sweden</option>
<option value="switzerland_s">Switzerland</option>
<option value="syrian_arab_republic_s">Syrian Arab Republic</option>
<option value="taiwan_s">Taiwan</option>
<option value="tajikistan_s">Tajikistan</option>
<option value="tanzania_s">Tanzania</option>
<option value="thailand_s">Thailand</option>
<option value="timor-leste_s">Timor-Leste</option>
<option value="togo_s">Togo</option>
<option value="tokelau_s">Tokelau</option>
<option value="tonga_s">Tonga</option>
<option value="trinidad_and_tobago_s">Trinidad and Tobago</option>
<option value="tunisia_s">Tunisia</option>
<option value="turkey_s">Turkey</option>
<option value="turkmenistan_s">Turkmenistan</option>
<option value="turks_and_caicos_islands_s">Turks and Caicos Islands</option>
<option value="tuvalu_s">Tuvalu</option>
<option value="uganda_s">Uganda</option>
<option value="ukraine_s">Ukraine</option>
<option value="united_arab_emirates_s">United Arab Emirates</option>
<option value="united_kingdom_s">United Kingdom</option>
<option value="united_states_s">United States</option>
<option value="united_states_minor_outlying_islands_s">United States Minor Outlying Islands</option>
<option value="uruguay_s">Uruguay</option>
<option value="uzbekistan_s">Uzbekistan</option>
<option value="vanuatu_s">Vanuatu</option>
<option value="vatican_city_state_(holy_see)_s">Vatican City State (Holy See)</option>
<option value="venezuela_s">Venezuela</option>
<option value="viet_nam_s">Viet Nam</option>
<option value="virgin_islands_(british)_s">Virgin Islands (British)</option>
<option value="virgin_islands_(u.s.)_s">Virgin Islands (U.S.)</option>
<option value="wallis_and_futuna_islands_s">Wallis and Futuna Islands</option>
<option value="western_sahara_s">Western Sahara</option>
<option value="yemen_s">Yemen</option>
<option value="zambia_s">Zambia</option>
<option value="zimbabwe_s">Zimbabwe</option>
</select>
</div>
</div>
<div class="form__row">
<div class="first">
<label data-required="1" class="label"> Experience in Threat Modeling * </label>
</div>
<div class="second">
<div id="register_customfield_8"><input type="radio" id="register_customfield_8_0" name="register[customfield][8]" value="getting_started!_(under_2_years)"> <label for="register_customfield_8_0"> Getting started! (under 1 year) </label><input
type="radio" id="register_customfield_8_1" name="register[customfield][8]" value="2-5_years"> <label for="register_customfield_8_1"> 1-5 years </label><input type="radio" id="register_customfield_8_2" name="register[customfield][8]"
value="6+_years"> <label for="register_customfield_8_2"> 6+ years </label></div>
</div>
</div>
<div class="form__row" style="display: none;">
<div class="first">
<label data-required="" class="label" for="register_customfield_12"> source </label>
</div>
<div class="second">
<input type="text" id="register_customfield_12" name="register[customfield][12]" data-minchar="" data-maxchar="1000" placeholder=""
data-labels="{"single":"{n} character left","plural":"{n} characters left"}">
</div>
</div>
<div class="form__row" style="display: none;">
<div class="first">
<label data-required="" class="label" for="register_customfield_13"> medium </label>
</div>
<div class="second">
<input type="text" id="register_customfield_13" name="register[customfield][13]" data-minchar="" data-maxchar="1000" placeholder=""
data-labels="{"single":"{n} character left","plural":"{n} characters left"}">
</div>
</div>
<div class="form__row" style="display: none;">
<div class="first">
<label data-required="" class="label" for="register_customfield_14"> campaign </label>
</div>
<div class="second">
<input type="text" id="register_customfield_14" name="register[customfield][14]" data-minchar="" data-maxchar="1000" placeholder=""
data-labels="{"single":"{n} character left","plural":"{n} characters left"}">
</div>
</div>
<div class="form__row" style="display: none;">
<div class="first">
<label data-required="" class="label" for="register_customfield_15"> search engine </label>
</div>
<div class="second">
<input type="text" id="register_customfield_15" name="register[customfield][15]" data-minchar="" data-maxchar="1000" placeholder=""
data-labels="{"single":"{n} character left","plural":"{n} characters left"}">
</div>
</div>
<div class="form__row">
<div class="first">
<label data-required="1" class="label required" for="register_user_password"> Password * </label>
</div>
<div class="second">
<input type="password" id="register_user_password" name="register[user][password]" required="required">
</div>
</div>
<div class="form__row">
<div class="first choices--stacked fancyselect">
<input type="checkbox" id="register_terms" name="register[terms]" required="required" value="1">
<label for="register_terms" class="required"> I accept the <a href="/site/terms" target="_blank" class="terms">
terms & conditions
</a>
</label>
</div>
</div>
<div class="email_repeat" style="display: none;">
<div class="form__row">
<div class="first">
<label class="label" for="register_email_repeat"> loginBox.register.email_repeat </label>
</div>
<div class="second">
<input type="text" id="register_email_repeat" name="register[email_repeat]">
</div>
</div>
</div>
<button type="submit" id="register_submit" name="register[submit]" class="btn btn--cta btn--full-width"> Register <div class="loader"></div></button>
<input type="hidden" id="register_is_invite" name="register[is_invite]">
<input type="hidden" id="register__token" name="register[_token]" value="DGbANmLjN-BSC4ToiMlwu-GauAoDIj_0t9sKKoxoJK0">
</form>
Name: login — POST /member/login
<form name="login" method="post" action="/member/login" class="form js-ajax-form--login">
<div class="js-notification">
<div class="box box__pad is-hidden">
<ul></ul>
</div>
</div>
<div class="form__row">
<div class="first">
<label class="label required" for="login_usernameOrEmail"> Username or Email Address </label>
</div>
<div class="second">
<input type="text" id="login_usernameOrEmail" name="login[usernameOrEmail]" required="required">
</div>
</div>
<div class="form__row">
<div class="first">
<label class="label required" for="login_password"> Password </label>
</div>
<div class="second">
<input type="password" id="login_password" name="login[password]" required="required">
</div>
</div>
<div class="form__row" style="float: left;">
<div class="first choices--stacked fancyselect">
<input type="checkbox" id="login_remember" name="login[remember]" value="1">
<label for="login_remember"> Remember me </label>
</div>
</div>
<div class="box__pad box--note box--blend" style="float: right; padding: 13.5px 0px;">
<a href="#" class="js-open-modal" data-modal="forgot" tabindex="-1">Forgot password?</a>
</div>
<button type="submit" id="login_submit" name="login[submit]" class="btn btn--cta btn--full-width"> Log in <div class="loader"></div></button>
<div id="create_account">
<h2>Create your account</h2>
<p>Not a member yet? Become a member to join forum discussions, participate in community events and apply to write articles.</p><a id="create_account_btn" class="js-open-modal btn" data-modal="register">Create an account</a>
</div>
<input type="hidden" id="login__token" name="login[_token]" value="vw8MHqekTkTPhlVh2-Id3VvtHo5d5CbR_zuVuiYbfNo">
</form>
Name: forgotPassword — POST /member/forgotPassword
<form name="forgotPassword" method="post" action="/member/forgotPassword" class="form js-ajax-form--forgot" id="form--forgot__240760490">
<div class="js-notification">
<div class="box box__pad is-hidden">
<ul></ul>
</div>
</div>
<div class="form__row">
<div class="first">
<label class="label required" for="forgotPassword_username"> Username or e-mail </label>
</div>
<div class="second">
<input type="text" id="forgotPassword_username" name="forgotPassword[username]" required="required">
</div>
</div>
<div class="form-row first">
<button type="submit" id="forgotPassword_submit" name="forgotPassword[submit]" class="btn btn--cta qa-submit-button"> Send <div class="loader"></div></button>
<a href="#" class="group__item end js-open-modal qa-forgot-password-overview-link" data-modal="login">Back to overview</a>
</div>
<input type="hidden" id="forgotPassword__token" name="forgotPassword[_token]" value="tDGblT5Nw-Q-DXJbwfcXH_o5PhA1fot4b6attdbLt34">
</form>
Text Content
COOKIE POLICY We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies. Accept cookies Deny all Cookie settings × COOKIE SETTINGS We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies. Basic Functional Normal Functional + analytics Complete Functional + analytics + social media + embedded videos Accept cookies * Welcome * Resources * * * Welcome to the resource hub * Resources * Guides4 * Articles11 * Forum * * * Welcome to the forum * Recently active topics * Unanswered questions * Forum * Welcome & Announcements7 * General Discussion30 * Groups * Events * Make a post Login/Register What does a mature security champion program look like? (Fri, Mar 24, 3:00 PM) Hackathon participant? Ask questions, get help from mentors, check out the latest announcements in the hackathon group. Head to the group UPCOMING EVENT Meetup Fri, Mar 24, 3:00 PM WHAT DOES A MATURE SECURITY CHAMPION PROGRAM LOOK LIKE? Online event B 40 members attending40 Attendees40 CURRENT EVENT MARCH 1 - 19, 2023 News SPRING 2023 HACKATHON IN FULL SWING! 🎉 We just kicked off the Spring 2023 Hackathon this morning! Insecure design is now listed as number 4 in the OWASP Top 10 Web Application Security Risks. In recognition of International Women’s Day, our inaugural hackathon is designed to promote data privacy early in the software development lifecycle. 
With 70+ community members joining us live from all over the world at the Global Kick-Off, we had a incredible morning together and enjoyed: a delicious🍦 keynote speech by @Kim highlighting why the privacy posture of any software is more critical than ever and how “privacy by design” can be achieved through threat modeling a story from @purpleanchovy illustrating how a system’s intended functions can be misused and hurt people and how threat modeling could help address that a hands-on workshop led by @Chris Romeo that took us from performing threat modeling to a house, to an alarm system, and finally to a database great collaboration among the hackathon teams facilitated by mentors @AviD @Jeroen V @jt.infosec @Brook Schoenfield in Chris' workshop and... a professional DJ set by @aeftimie that connected all of us in a virtual room, taking away the barrier that the screens often become 📅 Schedule March 1: Kick-Off: Keynote, Workshop: Security Threat Modeling March 9: Workshop: Privacy Threat Modeling Framework March 19: Submission Deadline March 31: Winners Announced 🤩 Can’t wait to see what the teams will create over the next three weeks! 18 days ago 950 * Recent activity * Categories izarParticipating Frequently published in General Discussion I'M IZAR TARANDACH - AND IF YOU HAVE QUESTIONS, I MAY HAVE ANSWERS!Q&A Hi everyone, I’m Izar Tarandach, a Sr Staff Engineer at Datadog these days helping develop security products. Previously, I helped Squarespace, Autodesk, DellEMC RSA, IBM, and Bridgewater Associates design and implement product- and enterprise-wide security solutions, offering guidance in the design and implementation of secure systems and products. I’m also a co-author of "Threat Modeling: A Practical Guide for Development Teams", O'Reilly with Matthew Coles, and part of the "Threat Modeling Manifesto" band. I wrote the Continuous Threat Modeling Handbook and lead the OWASP pytm project, the first (I think!) threat-model-with-code framework out there. 
Currently I am looking into the bridge between Observability and Security. I’m excited to talk about that, secure development and engineering, threat modeling, careers in cybersecurity, Threat Modeling Manifesto, my favorite movies, dogs, what is that funny fish and anything in between. How it works: Add your questions below any t 1129920 2 days ago ShuningCommunity Manager posted in Welcome & Announcements MEET & GREET YOUR PEERS 🤗 Hello, hola, hallo, guten tag, bonjour, shalom…community! One of the most exciting parts of your journey in Threat Modeling Connect is the opportunity to meet and work closely with the best and brightest (and kindest!) threat modeling professionals around the world. Let’s greet each other and share: Where you work, live, and your current role Your threat modeling experience, challenges, expertise - whether you’re just beginning or further down the journey, we’d love to hear more of your story Where we can find you if you’re not threat modeling We’ll get to know each other more along the way. This is just the beginning of something great :) 729 4 days ago Michael BernhardtParticipating Frequently published in Articles SELLING THE “YELLOW COW”: HOW TO SELL THREAT MODELING TO YOUR LEADERSHIP TEAM BEYOND ITS SECURITY BENEFITSARTICLE The Yellow Cow is a picture by German artist Franz Marc ( Source: https://en.wikipedia.org/wiki/Yellow_Cow#/media/File:Franz_Marc-The_Yellow_Cow-1911.jpg) . In this artwork, Marc expressed the conflict between the inner and outer perception of the world. Additionally, yellow stands for inspiration and power. Leveraging this metaphor, let us explore how threat modeling, if implemented successfully, can help put your organization in a stronger position beyond the initial security goal. Threat modeling comes with cost and effort. 
It’s not uncommon for organizations to pursue more cost-efficient paths as long they allow them to “check the box.” In my article “ Becoming the Martian: How to Scale Threat Modeling in Your Organization ,” I have elaborated on why threat modeling has not yet been a C-level topic in most companies. The article should provide the arguments to justify a threat modeling program being the more sustainable solution for your organization. Many organizations sta 5520 4 days ago madchapNew Participant asked in General Discussion NPS FOR THREAT MODELING Hello everyone! I am searching for ideas or experiment feedback on how to gather a sort of TM “NPS score” as a measure on how well or not we’re doing with our engineering teams. Hint: Sending MS Forms surveys don’t really work. Looking past the “number of threat models performed”, “number of security work items opened” (and maybe never worked on), etc… how would you measure the actual value that is brought (or not) to various engineering teams as you educate/have them perform threat modeling? As I am endeavoring in some development work to create a custom Azure DevOps extension for NFRs to bring stuff in-band of engineering teams (and ensure something more cyclic too), I have some rough ideas, but would like to open the question to the experts :) Thanks! 15 6 days ago JSnurkaNew Participant posted in General Discussion NIST MATURITY MOVER USING THREAT MODELING My organization is working to move our NIST maturity and one of the ways my team can help is in the area of Threat Modeling. There are some specific questions around TM but it seems that NIST looks at Networking, Database and Application Threat Modeling separately. To be honest, I didn’t know modeling was done in different pillars but holistically. Here are a few of the NIST questions. I would love feedback on how I can use a tool like IriusRisk to move the needle on these. Which of the following describe how network threat modeling is performed by the organization? 
  - TM performed against network attack surfaces
  - Against data flow
* What is the estimated % of all databases for which the organization performs threat modeling to identify and prioritize potential threats?
* Which of the following describe the organization's implementation of threat modeling? (#3 is focused on application TM incorporated in SDLC)
BTW - NIST defines SDLC as System Development Lifecycle

6 days ago

irene221b (Participating Frequently) posted in General Discussion
ANYONE TRIED TO APPLY "COLLABORATIVE MODELING" IDEAS IN YOUR THREAT MODELLING?
https://freecontent.manning.com/better-software-development-with-collaborative-modeling/ - I’ve come across this book and the ideas look very applicable to what we do with threat modelling. Anyone familiar with these ideas? Have you tried it? Any other thoughts?

9 days ago

zeroxten (New Participant) asked in General Discussion
QUESTION ON REDDIT: THREAT MODELING SOMETIMES NOT THE BEST OPTION FOR ADDRESSING SECURITY? REQUEST FOR COMMENTS
Sharing this from a post by u/RoAmbk on r/threatmodeling, I thought it would be good to get this community’s input.

> Hi, I sometimes need to help projects in the web/cloud domain, some of them are green field projects. Threat modeling is a vital part of the SSDLC of these projects. On the other hand, there are guidelines like OWASP Top 10, OWASP ASVS, and many more that can help getting to a certain security level. I prefer to first follow guidelines and only after these have been assessed, perform threat modeling to detect risks and mitigate them. I had the experience that putting threat modeling before assessing a guideline is not as effective for these kinds of projects. On the other hand, threat modeling is best when assessing a very custom solution like an embedded system with networked and legacy components. Do you have some thoughts and comments? I would be very interested in your opinion. Thank you

What do you think?
(source: https://www.reddit.com/r/threatmodeling/comments/10

13 days ago

shankarbabu (New Participant) published in Guides
A STEP-BY-STEP GUIDE TO CREATE YOUR FIRST THREAT MODEL (TEMPLATE INCLUDED) (Guide)
Contents: Introduction: What is Threat Modeling / Threat Modeling versus Threat Intelligence / Threat Modeling alignment to NIST CSF / A Simple, Six-Step Approach to Threat Modeling (Step 1: Create an architecture diagram and label the artifacts; Step 2: List down each architectural component; Step 3: Identify and assign potential threats from STRIDE applicability matrix; Step 4: Describe threat description; Step 5: Propose risk mitigation plan; Step 6: Identify appropriate security controls from NIST CSF) / Manual Threat Modeling Tool Using a Spreadsheet (Template) / References / Appendix 1: Primer to STRIDE framework (Threat Classifications; Threat Modeling Elements; STRIDE applicability to TM elements) / Appendix 2: Sample Threat Models (SaaS application (public cloud hosted))
Introduction: What is Threat Modeling. A structured and repeatable process to identify threats and mitigate them against valuable assets in a system. We cannot build secure systems until we und

17 days ago

Shuning (Community Manager) published in Welcome & Announcements
SPRING 2023 HACKATHON IN FULL SWING! (News)
🎉 We just kicked off the Spring 2023 Hackathon this morning! Insecure design is now listed as number 4 in the OWASP Top 10 Web Application Security Risks. In recognition of International Women’s Day, our inaugural hackathon is designed to promote data privacy early in the software development lifecycle.
With 70+ community members joining us live from all over the world at the Global Kick-Off, we had an incredible morning together and enjoyed:
* a delicious 🍦 keynote speech by @Kim highlighting why the privacy posture of any software is more critical than ever and how “privacy by design” can be achieved through threat modeling
* a story from @purpleanchovy illustrating how a system’s intended functions can be misused and hurt people and how threat modeling could help address that
* a hands-on workshop led by @Chris Romeo that took us from performing threat modeling to a house, to an alarm system, and finally to a database
* great collaboration among the hackathon teams facilitated b

18 days ago

Adam Shostack (Known Participant) posted in General Discussion
WHAT MAKES TRUST BOUNDARIES A CHALLENGING CONCEPT?
I routinely hear people struggle. Perhaps it's been too long since I first encountered it. Have you heard a good explanation of why it's hard? Do you have one of your own? What helped you overcome it? How do you teach it, or elicit boundaries when you’re leading threat modeling work?

19 days ago

FEATURED TOPICS

Guide
EMBEDDING THREAT MODELLING IN THE DEVOPS LIFECYCLE (PART 1: BACKLOG MANAGEMENT)
If you’re part of this community, I’m sure you don’t have to be convinced of the huge value that threat modelling can bring to teams and how it helps create better and more secure software.
However, I’ve often seen through my employee and consultant career that HOW threat modelling outputs are managed in the organisation is often at odds with the organisation dynamics, making it hard for threat modelling to “stick” as a repeatable organisational practice.

This will be a two-part series: in the first part we’ll talk about backlog management practices and how they can make or break threat modelling, and in the second part we’ll talk about the often problematic relationship with the risk management practices which already exist.

In this blog, I’ll talk about a few patterns I’ve seen that can often have a negative impact on your threat modelling activities, even though they sit outside of it, in how they become integrated, or not, with the backlog management practices of the engineering teams:
* Failure to build relationships and negotiate success with Product Owners
* Inability to aggregate results across the organisation and prove its value
* Failure to connect to the compliance framework and objectives

Failure to build relationships and negotiate success with Product Owners
I’ve seen many programmes where, in the haste to prove its value, threat modelling practices are overly focused on the Engineering teams, starting with great and comprehensive training programmes to teach how to perform a particular framework. Having experienced it, it tends to be short-lived or become something done with little engagement. Often a big contributing factor to that lack of engagement is that not enough effort was put into understanding the organisational dynamics around what gets done or how prioritisations or re-prioritisations are managed. I’d highly advise interviewing and building great relationships with Product Owners to understand how bugs are managed, previous instances of re-prioritisations, how they came to be and how the teams handled them. This should give you some insight into how security will (likely) either succeed or fail.
This often means you need to pay attention to Agile / Scrum practices and whether they consider threat modelling something they should pay attention to. What gets done when using these practices tends to be defined in the “Definition of Ready” and “Definition of Done”. I often propose that the “Definition of Ready” should establish the criteria for when threat modelling is actually required, and it should be negotiated, not imposed. For instance, only new types of data processing, or significant changes to architecture, should warrant a threat modelling session being required, so the normal activities performed by teams which don’t introduce any new patterns aren't burdened by the extra effort. If you expect threat modelling to happen all the time, pretty quickly it tends not to be done at all.

Inability to aggregate results across the organisation and prove its value
If we bring it up a level from Product teams, another challenge I’ve seen which contributes to the lack of success of threat modelling in organisations is the security team not focusing on acquiring the ability to have a 10,000-foot view of how threat modelling is happening across the organisation. To do this, if you are using the existing tooling that teams tend to use for backlog management, like JIRA, you should find a way to use metadata that you can query to make sense of how much threat modelling is actually happening, and which tickets are being identified that mitigate identified threats. I like to say that if the output of a threat modelling session wasn’t tickets in a team backlog, then what you did was a nice chat, not a security practice.
There are 3 ways in which I’ve seen this attempted, each with pros and cons:
* New issue type or project
* Using labels
* Using fields

Approach | Pros | Cons
New issue type or project | Better flexibility and more prescriptive categorisation for vulnerability management or risk management; easier to aggregate reporting | Imposes on Engineering workflows; may reduce Engineering's sense of ownership for those items
Using labels | Very easy to start; allows the most flexibility and evolution of categorisation as the practice evolves; bulk retrospective changes are easy as you evolve your threat modelling practice | Very easy to mislabel, skewing results; harder to ensure consistency; high dependency on team members remembering to do it
Using fields (within existing projects) | Using fields with drop-downs makes for an easier user experience*; easier to get the categorisations maintained centrally | You need to convince teams to change their projects

* for instance, if you decide to create drop-downs relating to areas of ASVS

I would generally advise against creating new projects, or even issue types, as they tend to reduce the sense of ownership by Engineering. Using fields is generally my preferred option. This will then allow you to aggregate reporting easily, using for instance dynamic Confluence pages querying the JIRA data, so that you can not only see the status of threat modelling activities across the organisation in real time, but also show Senior Management that it’s an effective practice which is identifying and mitigating threats.

Failure to connect to the compliance framework and objectives
Another challenge I’ve seen is the dark side of bottom-up adoption of threat modelling: if there aren’t good relationships between Compliance and Engineering, the practices will be done in isolation without real benefit or integration to the ISMS (Information Security Management System).
This often leads to the security engineering benefits brought by threat modelling being disconnected from the Compliance programme and as such posing no actual benefit to Compliance, which is crazy, but I have seen it more than once. Sometimes, yes, I agree with what you’re thinking: if you bring Compliance in to co-design, they’ll just overcomplicate it. But it’s a relationship worth putting some effort into, for the mutual benefits it can bring to the organisation as a whole. Ideas such as risk-informed threat modelling, where teams perform dedicated threat modelling sessions to explore mitigations for identified risks, are a good way to start bringing the teams together. This bringing together can also be thought about from a categorisation perspective, for instance with drop-downs for ISO 27001 mappings or any other relevant frameworks. You’ll certainly need to discuss who’s accountable to do what and when, but that’s your contextual challenge: you need to figure out what works, and maybe even experiment.

Did you ever see these effects in your own organisation? Being able to spot a pattern or organisation dynamics and how they interplay to make work successful is something that those wishing to embed threat modelling shouldn’t overlook if we’re aiming for success. If you’ve tried implementing threat modelling in the past and couldn’t, before thinking that threat modelling failed you, consider first that you may have failed threat modelling too.
4 months ago

Guide
A STEP-BY-STEP GUIDE TO CREATE YOUR FIRST THREAT MODEL (TEMPLATE INCLUDED)

Contents
* Introduction: What is Threat Modeling
* Threat Modeling versus Threat Intelligence
* Threat Modeling alignment to NIST CSF
* A Simple, Six-Step Approach to Threat Modeling
  - Step 1: Create an architecture diagram and label the artifacts
  - Step 2: List down each architectural component
  - Step 3: Identify and assign potential threats from STRIDE applicability matrix
  - Step 4: Describe threat description
  - Step 5: Propose risk mitigation plan
  - Step 6: Identify appropriate security controls from NIST CSF
* Manual Threat Modeling Tool Using a Spreadsheet (Template)
* References
* Appendix 1: Primer to STRIDE framework
  - Threat Classifications
  - Threat Modeling Elements
  - STRIDE applicability to TM elements
* Appendix 2: Sample Threat Models
  - SaaS application (public cloud hosted)

Introduction: What is Threat Modeling
A structured and repeatable process to identify threats against valuable assets in a system and mitigate them. We cannot build secure systems until we understand the applicable threats to our applications/systems/platforms/infrastructure/services/APIs etc. Threat Modeling involves (i) visually modeling a system, (ii) identifying potential threats, and (iii) validating and/or designing security controls to mitigate risk(s).

Threat Modeling versus Threat Intelligence
While both Threat Modeling (TM) and Threat Intelligence (TI) focus on identifying threats in order to act on them or mitigate them, Threat Modeling aligns well with the security architecture/design portion of the Secure Development Lifecycle, whereas Threat Intelligence aligns well with security operations.
Threat Modeling is relevant to identifying threats in a particular system/application/platform/service that we are building, before that system is deployed in production, whereas Threat Intelligence is relevant to a comprehensive list of threats to a whole organization with reference to systems that are already in production/non-prod/pre-prod/laptops/desktops, etc.

Threat Modeling alignment to NIST CSF
Both Threat Modeling (TM) and Threat Intelligence (TI) map into the NIST CSF Identify (ID) → Risk Assessment (ID.RA) category:

Function | Category | Sub-category
IDENTIFY (ID) | Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals. | ID.RA-3: Threats, both internal and external, are identified and documented

A Simple, Six-Step Approach to Threat Modeling
The following describes a simple six-step approach to perform threat modeling:
1. Create an architecture diagram of the application/system by:
   - depicting each architectural component as one of the four threat modeling elements. Any architectural component which is not an actor/data flow/data store would be a process from the threat modeling perspective;
   - assigning a number to each architectural component for reference in later steps.
2. List down each architectural component matching the assigned numbers or identifiers in the diagram (e.g. as rows in a spreadsheet), along with a mapping to the corresponding threat modeling element those components fall into.
3. For each such architectural component, duplicate the row as many times as there are applicable threats based on the STRIDE applicability matrix, and assign an applicable threat for that component in each row. For example, for an actor there would be two rows (one for the Spoofing threat and a second row for the Repudiation threat, as there are two applicable threats as per the STRIDE applicability matrix; similarly, there would be four rows for a database, as there are four applicable threats for a data store).
4. Think about how such a threat could make contact with or exploit a vulnerability in the component and manifest into a real risk to the application/system that is being threat modeled. Write down or explain the threat description in a simple sentence or two.
5. Think about whether the threat is real or not, and how a set of security controls (one or many) that are already in place or going to be implemented could mitigate the potential risks. Propose such a mitigation plan in a simple sentence or two.
6. Identify the appropriate security control(s) from NIST CSF. Each such security control should be placed in the next column on the same row. Note that there could be many-to-many relationships between potential threats and possible mitigation controls (one security control may mitigate multiple threats, and one threat may need multiple controls for risk mitigation).

Let's take a simple internet-facing web application architecture to walk through the six (6) steps described above.
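Steps 2, 3 and 6 of the procedure above, worked as code for the guide's own sample two-tier web application. This is an added example, not the guide's spreadsheet template: the four TM elements, the STRIDE applicability matrix (Appendix 1) and the NIST CSF sub-category ids (PR.AC-7, PR.PT-1, DE.AE-3, PR.DS-2) are the guide's; keying the controls by (element, threat) instead of per row is a constructed generalization of its Step 6 table, and the validation checks are my own addition.

```python
"""Added example (not the guide's spreadsheet template): Steps 2, 3 and 6 of the
six-step approach as code. The element names, the STRIDE-per-element matrix and the
NIST CSF sub-category ids come from the guide; the component list is the guide's
sample two-tier web application. Keying controls by (element, threat) rather than
per spreadsheet row is a constructed generalization of the guide's Step 6 table."""
from dataclasses import dataclass, field

STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege")

# Appendix 1: STRIDE applicability to the four threat modeling elements.
APPLICABILITY = {
    "Actor": ("Spoofing", "Repudiation"),
    "Data store": ("Tampering", "Repudiation", "Information disclosure",
                   "Denial of service"),
    "Data flow": ("Tampering", "Information disclosure", "Denial of service"),
    "Process": STRIDE,
}

# Step 6: NIST CSF controls taken from the guide's Step 6 table, keyed by
# (element, threat). Any (element, threat) pair not in this map is reported as a gap.
CONTROLS = {
    ("Actor", "Spoofing"): ["PR.AC-7"],
    ("Actor", "Repudiation"): ["PR.PT-1", "DE.AE-3"],
    ("Data flow", "Tampering"): ["PR.DS-2"],
    ("Data flow", "Information disclosure"): ["PR.DS-2"],
}


@dataclass(frozen=True)
class Component:
    """One numbered artifact from the architecture diagram (Steps 1 and 2)."""
    number: int
    name: str
    element: str


@dataclass
class ThreatRow:
    """One spreadsheet row: a component paired with one applicable threat."""
    component: Component
    threat: str
    controls: list = field(default_factory=list)


def validate_components(components):
    """Step 2 checks: every element is one of the four TM elements and every
    diagram number is unique. Returns a list of error strings (empty = OK)."""
    errors = []
    seen = set()
    for c in components:
        if c.element not in APPLICABILITY:
            errors.append(f"({c.number}) {c.name}: unknown TM element {c.element!r}")
        if c.number in seen:
            errors.append(f"({c.number}) {c.name}: duplicate diagram number")
        seen.add(c.number)
    return errors


def expand_threats(components):
    """Step 3: duplicate each component row once per applicable STRIDE threat,
    attaching the mapped NIST CSF controls (Step 6) where the map has them."""
    errors = validate_components(components)
    if errors:
        raise ValueError("; ".join(errors))
    rows = []
    for c in components:
        for threat in APPLICABILITY[c.element]:
            controls = list(CONTROLS.get((c.element, threat), []))
            rows.append(ThreatRow(c, threat, controls))
    return rows


def untreated(rows):
    """Rows with no mapped control: the threats still needing a mitigation plan."""
    return [r for r in rows if not r.controls]


# The guide's sample internet-facing two-tier web application (Step 2 table).
SAMPLE_APP = [
    Component(1, "Human user (customer/employee/partner) using a web browser", "Actor"),
    Component(2, "Data flow between user/browser and web/app server", "Data flow"),
    Component(3, "Web Application (app.organization.com)", "Process"),
    Component(4, "Data flow between web/app server and database", "Data flow"),
    Component(5, "Database", "Data store"),
]

if __name__ == "__main__":
    rows = expand_threats(SAMPLE_APP)
    for r in rows:
        ctl = ", ".join(r.controls) or "-"
        print(f"({r.component.number}) {r.component.element:<10} {r.threat:<24} {ctl}")
    print(f"{len(rows)} threat rows, {len(untreated(rows))} without a mapped control")
```

For the five sample components the matrix yields 18 rows (2 + 3 + 6 + 3 + 4); the rows with no mapped control are exactly the ones the guide's worksheet still has to fill in.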
Step 1: Create an architecture diagram and label the artifacts
(The architecture diagram is on the “Architecture diagrams” worksheet of the template linked below; its components are numbered (1) to (5) as listed in Step 2.)

Step 2: List down each architectural component

Artifact depicted in the diagram | TM Element
(1) Human user (customer/employee/partner) using a web browser | Actor
(2) Data flow between user/browser and web/app server | Data flow
(3) Web Application (app.organization.com) | Process
(4) Data flow between web/app server and database | Data flow
(5) Database | Data store

Step 3: Identify and assign potential threats from STRIDE applicability matrix

Artifact depicted in the diagram | TM Element | Applicable Threats (STRIDE Classification)
(1) Human user (customer/employee/partner) using a web browser | Actor | Spoofing
(1) Human user (customer/employee/partner) using a web browser | Actor | Repudiation
(2) Data flow between user/browser and web/app server | Data flow | Tampering
(2) Data flow between user/browser and web/app server | Data flow | Information disclosure
(2) Data flow between user/browser and web/app server | Data flow | Denial of service

Step 4: Describe threat description
(Process phases covered so far: Analyze Model → Identify Threats)

Artifact depicted in the diagram | TM Element | Applicable Threats (STRIDE Classification) | Threat description
(1) Human user (customer/employee/partner) using a web browser | Actor | Spoofing | An attacker could pretend to be a valid customer and try to access unauthorized details
(1) Human user (customer/employee/partner) using a web browser | Actor | Repudiation | An authorized user (e.g., w/ admin privs) might delete/edit customer data and could claim to have not performed that action
(2) Data flow between user/browser and web/app server | Data flow | Tampering | An attacker could modify data as it traverses the internet to the web/app server
(2) Data flow between user/browser and web/app server | Data flow | Information disclosure | An attacker could sniff network traffic to read sensitive data in transit
(2) Data flow between user/browser and web/app server | Data flow | Denial of service | An attacker could launch DoS/DDoS to degrade the availability of a web application/service to users

Step 5: Propose risk mitigation plan

Artifact depicted in the diagram | TM Element | Applicable Threats (STRIDE Classification) | Threat description | How we plan to mitigate the risk(s)
(1) Human user (customer/employee/partner) using a web browser | Actor | Spoofing | An attacker could pretend to be a valid customer and try to access unauthorized details | Implemented or plan to implement strong authentication
(1) Human user (customer/employee/partner) using a web browser | Actor | Repudiation | An authorized user (e.g., w/ admin privs) might delete/edit customer data and could claim to have not performed that action | Implemented or plan to implement log monitoring for operations on sensitive data by users
(2) Data flow between user/browser and web/app server | Data flow | Tampering | An attacker could modify data as it traverses the internet to the web/app server | Implemented or plan to implement encryption of data in transit using strong cryptography
(2) Data flow between user/browser and web/app server | Data flow | Information disclosure | An attacker could sniff network traffic to read sensitive data in transit | Implemented or plan to implement encryption of data in transit using strong cryptography
(2) Data flow between user/browser and web/app server | Data flow | Denial of service | An attacker could launch DoS/DDoS to degrade the availability of a web application/service to users | 1. Implemented or plan to implement firewalls at appropriate levels in the network to reduce the attack surface; 2. Implemented secure network configuration

Step 6: Identify appropriate security controls from NIST CSF
(Process phases covered so far: Analyze Model → Identify Threats → Mitigation Plan)

Artifact depicted in the diagram | TM Element | Applicable Threats (STRIDE Classification) | Threat description | How we plan to mitigate the risk(s) | Relevant or applicable NIST CSF control(s)
(1) Human user (customer/employee/partner) using a web browser | Actor | Spoofing | An attacker could pretend to be a valid customer and try to access unauthorized details | Implemented or plan to implement strong authentication | PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)
(1) Human user (customer/employee/partner) using a web browser | Actor | Repudiation | An authorized user (e.g., w/ admin privs) might delete/edit customer data and could claim to have not performed that action | Implemented or plan to implement log monitoring for operations on sensitive data by users | PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy; DE.AE-3: Event data are collected and correlated from multiple sources and sensors
(2) Data flow between user/browser and web/app server | Data flow | Tampering | An attacker could modify data as it traverses the internet to the web/app server | Implemented or plan to implement encryption of data in transit using strong cryptography | PR.DS-2: Data-in-transit is protected
(2) Data flow between user/browser and web/app server | Data flow | Information disclosure | An attacker could sniff network traffic to read sensitive data in transit | Implemented or plan to implement encryption of data in transit using strong cryptography | PR.DS-2: Data-in-transit is protected

For the full threat model, refer to the “Threat Model for 2-tier web app” worksheet at: 🔗 Template: Creating a Manual Threat Model in Six Steps (by Shankar Chebrolu). Architecture diagrams are on the first worksheet, “Architecture diagrams”, for additional reference.

Manual Threat Modeling Tool Using a Spreadsheet (Template)
The template for creating a threat model manually in six steps using a spreadsheet is made available at the link below. The template could be customized further to make it work with any security standard or framework instead of NIST CSF, or with an organization's internal security standard.
🔗 Template: Creating a Manual Threat Model in Six Steps (by Shankar Chebrolu)

References
* Microsoft Security Development Lifecycle
* Introduction to Microsoft SDL Threat Modeling
* Threat Modeling - Designing for Security
* Securing Systems - Applied Security Architecture and Threat Models

Appendix 1: Primer to STRIDE framework

Threat Classifications
There are six classifications of threats, dubbed STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege), as described below. The STRIDE approach to threat modeling was invented in 1999.

Threat Classification | Definition | Sample Threats | Desired security control to mitigate the threat | Risk mitigation solution
Spoofing | Impersonating something or someone else | Pretending to be a valid user or server | Authentication | Enforce strong authentication techniques like 2FA for human authentication, client certs for non-human (API) clients
Tampering | Modifying data/code without authorization | Modifying code (or a library) on a system / data on disk | Integrity | Enforce strong cryptography/hashing
Repudiation | Claiming to have not performed an action | Removing the record of modification of a file/resource | Non-repudiation | Enforce logging on key events of interest; use digital signatures
Information disclosure | Exposing information to someone not authorized | Gathering sensitive information from log files | Confidentiality | Enforce strong cryptography/encryption
Denial of service | Denying or degrading service to legitimate users | Crashing a website | Availability | Use throttling to control resource usage, or design/build resiliency at the server level
Elevation of privilege | Gaining capabilities without proper authorization | Allowing a remote user to run commands; switching from a limited user to admin | Authorization | Enforce the principle of least privilege

Threat Modeling Elements
There are four elements used in Threat Modeling:
* Actor - Users (typically human users, but they don't need to be; they could be clients like browsers or devices with an IP address or physical address)
* Data Store - Databases, file systems, LDAP, cookies, memory cache
* Data Flow - HTTPS, IPSEC, RPC
* Process (runs code) - Web application/service, OS process, VM/host/server

STRIDE Applicability to TM Elements
Not all the threats apply to every element in the architecture diagram. The matrix of the applicability of threats to TM elements is shown in the table below:

Element | Spoofing | Tampering | Repudiation | Information disclosure | Denial of service | Elevation of privilege
Actor | X | | X | | |
Data store | | X | X | X | X |
Data flow | | X | | X | X |
Process | X | X | X | X | X | X

Appendix 2: Sample Threat Models

SaaS Application (Public Cloud Hosted)
Refer to the “Threat Model for SaaS application” worksheet: 🔗 Template: Creating a Manual Threat Model in Six Steps (by Shankar Chebrolu)

4 months ago

Guide
A GUIDE TO EMBEDDING THREAT MODELING IN RISK MANAGEMENT (PART 1)

Contents
* Overview
* Why bother about risk management
* Review of the risk management process
  - Establishing the context
  - Risk assessment
    - Risk identification
    - Risk analysis
    - Risk evaluation
  - Risk Treatment and Reporting
* Closing remarks
* References

Overview
Showing the benefits of threat modeling to management less invested in cyber security topics is notoriously hard, as the added value of security in general is hard to communicate unless an incident happens. However, the situation can be significantly improved by regularly relating the threat model outcomes to the risk concepts the business understands and feels accountable for. The trick is to show that the threat modeling findings are not abstract or hypothetical technical scenarios but rather factors that contribute to high-level business risks and thus increase the chance of failing to meet the defined business goals. Budget is, after all, tied to reaching these goals. This is especially true when factoring in the resources needed to scale the process or to conduct it as a regular activity by a single team. One efficient way of creating stakeholder engagement in such a situation is to embed threat modeling in the organization’s risk management (RM) process. Risk management is fundamentally about systematically assessing risks that jeopardize management goals and priorities.
Embedding threat modeling in the risk management process is your opportunity to re-frame management's perception of the process and highlight how it adds significant value to upper management by:
* establishing a connection between the business risks and the technical risks
* capturing the contribution of various technical threats to the business risks
* creating transparency on the amount of risk that was accepted implicitly before performing threat modeling
* showing the ROI of threat modeling by tying it to risk concepts that are expressed quantitatively

By re-positioning TM as an essential activity integrated in the broader RM process, you reframe the perspective on threat modeling to something the business side appreciates for its added value in reaching their own goals, instead of merely accepting the importance of security. This appreciation can make the difference between getting adequate resources for maintaining and scaling the TM process or being (constantly) under-prioritized in favor of, say, feature stories – even though nobody would openly debate the importance of security.

In Part I, we start with a quick overview of a general risk management (RM) process and give a strategic perspective on some of the considerations about embedding threat modeling in the RM process as a regular activity. In Part II, we demonstrate the basic idea of embedding an example set of STRIDE (Shostack, 2009) findings into a reasonably traditional RM process using standard RM techniques like the FIRM (Hopkin, 2017, pp. 135-138) framework for identifying business risks and risk matrices to measure (changing) risk levels. Whether you use STRIDE in your organization is of minor relevance. We primarily use it as a relatively lightweight method, and we do not want to get lost in threat modeling details for this article, our goal being mostly to demonstrate the core ideas with rudimentary – and to be improved – models.
Part III addresses some of the shortcomings of the initial models by introducing more advanced quantitative risk models. Part IV finishes this journey with possible approaches to scale by incorporating quantitative risk models with modern threat model representations like the Open Threat Model format.

Why bother about risk management
Unfortunately, the communicated strategic business goals are often too high-level to relate the potential benefits of threat modeling directly to them. Doing so, you would end up with arguments like “TM helps to create an improved customer experience by incorporating security into the user journey and thus contributes to reaching the strategic goal of increased customer satisfaction.” Such statements might be accurate, but most probably will not be enough to get your case organizational support (i.e., budget and other resources). Instead, it would help if you could weave the TM activities into how your organization breaks down these strategic goals internally and identifies the risks associated with them from a management perspective. Once you achieve this, the strategic goals against which management efficacy is measured become your leverage in positioning TM as a crucial effort in reaching business goals. As it turns out, one effective way to implement this strategy is to follow the risk management process the organization already uses and create connections with the established steps. Since, on a high level, risk management processes look pretty similar, we will adopt the ISO 31000 terminology for the sake of this article. The high-level illustration of ISO 31000 presented in Figure 1, borrowed from (Hopkin, 2017, p. 79), gives us just enough understanding of a typical risk management process for our purposes. ISO 31000 is a general enough framework, so you might find similarities when reviewing the RM methods implemented in your company, even if it is formally not ISO 31000 compliant.
Figure 1: an illustration of the ISO 31000 process as presented in (Hopkin, 2017, p. 79)

Review of the risk management process
Now that we have motivated why one should think about threat modeling in a broader risk management context, let’s review, on a high level, the steps an RM process uses to achieve this, to create a bit of understanding of the process we would like to embed threat modeling into.

Establishing the context
A typical risk management process starts with a step that ISO 31000 calls “establishing the context.” This or its equivalent section describes the internal and external factors your management considers relevant. The external context mainly considers the local and global market situation, political landscape, and regulatory requirements. In comparison, the internal context addresses considerations like financial goals and limitations or various effects of strategic decisions like adopting a cloud-first strategy. This is where management states what they care about from the context they operate in. Aspects that are recognized here will guide the subsequent steps in the process.

Risk assessment
This is the part of an RM process where we need to concentrate most of our efforts on establishing threat modeling as an integral part of the risk management process. It comprises the essential risk identification, analysis, and evaluation activities. Our goal is to show that threat modeling not only has similarities with these steps but can also be used as an implementation of these activities in a software development context.

Risk identification
Building upon the factors listed in the previous step, establishing the context, the risk identification part of the risk management process deals with systematically enumerating the business risks derived from the elements of the external and internal context. It could feel tempting to position threat modeling as the developer team’s equivalent risk identification activity.
The one identifies business risks, the other technical threats. Aren’t these just the same thing under a different name? Well, not exactly. There is plenty of discussion on the subtle differences between threats and risks that we cannot cover here. However, one aspect has some significance for the question of how to embed threat modeling into risk management: the external and internal context from which an RM process derives the business risks is relatively static compared to the typical 2 - 4 week long development cycle. Admittedly, some threats are most probably present throughout the product lifetime, likely those derived from the core architecture and business features. Nevertheless, there is still an inherent difference in the dynamics by which threats are uncovered by the threat modeling activities and the dynamics by which the relevance of business risks is reassessed, usually during the yearly business planning activities. Even though the list of threats initially identified based on planned core features and architecture will likely not change heavily during iterations, a new threat will likely be uncovered during the TM of a new feature, which contributes to a risk, thus changing the overall risk profile.

This observation has two practical implications for us:

- business risks are not the equivalent concepts to the technical threats TM deals with
- there is potentially a significant difference in the dynamics of the process used to identify risks vs. those that are supposed to identify threats

We must find ways to account for these aspects when mapping business risks and threats later on, but let’s note that the mapping is not straightforward and probably should happen elsewhere in the process. Many companies use the finance, infrastructure, reputation, and marketplace (FIRM) classification for risk identification (Hopkin, 2017, p. 165). Since we need a simple RM process example to demonstrate how to embed TM, this will do perfectly.
Using this methodology, a company could arrive at a list of risks like the following:

Reputational risks:
- customer acquisition roadmap jeopardized by brand damage
- compliance risk
- concerns over the quality of the product

Marketplace risks: we consider this category out of scope. Typically, product teams would perform threat modeling and focus on cyber security threats.

The financial risk of the internal context to be addressed by the team:
- fraud risk

Infrastructure risks of the internal context to be addressed by the team:
- insufficient resilience of the system
- insufficient data protection

As you can see, this list does not focus on technical issues but emphasizes business priorities. This is common for a general RM process’s list of identified risks. Their job is, after all, to guide management. Ours is to show how the threat modeling process contributes to the efforts devoted to mitigating these business risks and that the technical threats TM uncovers are not somehow confined to a realm separate from the business: the connection is there, and the contribution can be made visible with the very same tools the RM team otherwise uses to express and measure risk levels.

Risk analysis

Most risk management process implementations have a section that breaks down the identified risks. Consequences are enumerated, and likelihood and magnitude criteria are outlined for the various risk levels in the case of qualitative risk representations, or a probability and some quantitative measure (loss in dollars, for example) in case a quantitative model is preferred. The function with which you assess your risks and assign a specific value to them will be referred to as the risk function. As this section naturally deals with the technicalities of analyzing the risks identified earlier, it is the suitable part of the RM process in which to introduce TM by establishing the mapping between business risks and technical threats.
As mentioned previously, our preferred strategy is establishing a mapping hierarchy between business risks and technical threats, where possibly several threats contribute to one business risk. Mapping a set of threats to a given risk allows the set to change over time; see the consideration above regarding risk vs. threat dynamics. Also, it provides us with a conceptual bridge from risk levels, through the set of threats that contribute to that risk, down to vulnerabilities (for the sake of this discussion, let’s treat vulnerabilities simply as concrete manifestations of a threat). In practical terms, this means that the risk function will be applied to a risk and its associated threats and evaluated to the value of that risk given those threats. The effect of implementing mitigations is expressed simply by a reduced risk value. This will be at the heart of many design considerations in the example approaches and their evaluation presented in subsequent articles (Part II and Part IV).

Risk evaluation

The risk evaluation step takes the risks identified earlier and evaluates them against the function used to calculate the magnitude and likelihood values of the risk (or any other representation of the risk values). These risk values are then displayed in a format adequate to the model chosen earlier: a risk matrix is a common choice for visualizing qualitative data, and a loss exceedance curve is a popular choice (Hubbard & Seiersen, 2016) for visualizing and evaluating probabilistic representations. Different risk values are calculated for each risk with different mitigations applied to it, to account for the effect of the various mitigation options. The risk level without any mitigations is usually referred to as the inherent risk, while the reduced risk level after applying specific mitigations is the projected risk. The differences between the projected risk values can be compared to give one way to guide the process of selecting the most appropriate mitigation.
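To make the risk function and the inherent vs. projected risk values concrete, here is an added Python example (not part of the original article and not tooling of any project it mentions) that models the risk-to-threat hierarchy described above with a simple three-level categorical risk function and the risk-matrix cells it produces. The two business risks are taken from the FIRM list above; the threats, mitigations, the 1-3 level scale, the per-mitigation level reductions, and the worst-case (max) aggregation of threat scores into one risk value are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Tuple

# Categorical scale of a qualitative risk matrix (assumed three-level scale).
LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Mitigation:
    """A countermeasure and the number of levels it removes (constructed estimates)."""
    name: str
    likelihood_reduction: int = 0
    magnitude_reduction: int = 0


@dataclass
class Threat:
    """A technical threat (STRIDE-style label) with its inherent likelihood and magnitude."""
    name: str
    likelihood: str
    magnitude: str
    mitigations: List[Mitigation] = field(default_factory=list)


@dataclass
class BusinessRisk:
    """A business risk from the RM register and the threats that contribute to it."""
    name: str
    threats: List[Threat]


def residual_levels(threat: Threat, applied: Iterable[str] = ()) -> Tuple[int, int]:
    """Likelihood and magnitude levels after the named mitigations are applied.
    Levels never drop below 1: a mitigation reduces a threat, it does not erase it."""
    applied = set(applied)
    lik, mag = LEVELS[threat.likelihood], LEVELS[threat.magnitude]
    for m in threat.mitigations:
        if m.name in applied:
            lik -= m.likelihood_reduction
            mag -= m.magnitude_reduction
    return max(1, lik), max(1, mag)


def threat_score(threat: Threat, applied: Iterable[str] = ()) -> int:
    """Score of one threat: likelihood level times magnitude level (assumed)."""
    lik, mag = residual_levels(threat, applied)
    return lik * mag


def risk_function(risk: BusinessRisk, applied: Iterable[str] = ()) -> int:
    """The risk function: value of a business risk given its contributing threats.
    Worst-case aggregation (max) is an assumption; a sum or weighted form also works."""
    return max(threat_score(t, applied) for t in risk.threats)


def inherent_risk(risk: BusinessRisk) -> int:
    """Risk value with no mitigations applied."""
    return risk_function(risk)


def projected_risk(risk: BusinessRisk, applied: Iterable[str]) -> int:
    """Risk value after the named mitigations are applied."""
    return risk_function(risk, applied)


def rank_mitigations(risk: BusinessRisk) -> List[Tuple[str, int]]:
    """Reduction of the risk value each single mitigation would buy, largest first:
    one way to guide the selection of the next countermeasure."""
    base = inherent_risk(risk)
    names = [m.name for t in risk.threats for m in t.mitigations]
    return sorted(((n, base - projected_risk(risk, {n})) for n in names),
                  key=lambda pair: -pair[1])


def risk_matrix(risks: List[BusinessRisk],
                applied: Iterable[str] = ()) -> Dict[Tuple[int, int], List[str]]:
    """Cells (likelihood, magnitude) of a risk matrix and the threats landing in each."""
    cells: Dict[Tuple[int, int], List[str]] = {}
    for risk in risks:
        for t in risk.threats:
            cells.setdefault(residual_levels(t, applied), []).append(t.name)
    return cells


# Constructed sample data: risks from the article's FIRM list, threats and
# mitigations invented for illustration.
DATA_PROTECTION = BusinessRisk("insufficient data protection", [
    Threat("Information disclosure: customer export lacks authorization check", "high", "high", [
        Mitigation("Enforce object-level authorization on export", likelihood_reduction=2),
        Mitigation("Encrypt exports at rest", magnitude_reduction=1),
    ]),
    Threat("Tampering: backup files are not integrity-protected", "medium", "high", [
        Mitigation("Sign and verify backups", likelihood_reduction=1),
    ]),
])
FRAUD = BusinessRisk("fraud risk", [
    Threat("Spoofing: password-only login can approve payments", "high", "medium", [
        Mitigation("Require MFA for payment approval", likelihood_reduction=2),
    ]),
])
RISKS = [DATA_PROTECTION, FRAUD]

if __name__ == "__main__":
    for risk in RISKS:
        print(f"{risk.name}: inherent risk {inherent_risk(risk)}")
        for name, reduction in rank_mitigations(risk):
            print(f"  {name}: reduces risk value by {reduction}")
    print(risk_matrix(RISKS))
```

Note how the worst-case aggregation shapes the ranking: signing backups alone buys nothing for the data protection risk while the export endpoint still sits at the top of the matrix, which is exactly the kind of dependency a risk-level view reveals and a flat list of threats hides.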
An exciting aspect of the activities in the evaluation step is when, or rather how often, they would happen: would the risk values be calculated and the overall representations updated during (or rather tied to) the threat modeling sessions (again more dynamic in nature), or rather less frequently, as part of a more strategic evaluation process? After all, a team does not necessarily need to take into account the effect of changes in the global risk landscape when deciding the order of local work units (implementing countermeasures).

Risk treatment and reporting

The threat modeling equivalent of the risk treatment step of a general RM framework would be the implementation of the defined countermeasures and mitigations. One could argue that to work down your list of countermeasures, a total risk evaluation is not necessarily needed; the decision could be guided by engineering input on resources, urgency, or other factors. You could see risk value changes captured in risk matrices or loss exceedance curves as information to drive more strategic decisions. It would be, for example, perfectly relevant input at budgeting discussions when one considers what budget and other resources to allocate for the next budgeting period, given the contribution of cyber security threats to the overall business risk landscape. In other organizational contexts, the risk value changes could be used to guide the team locally, make more tactical decisions, and thus directly influence, for example, work prioritization. To what extent risk evaluation outcomes are used as input for risk treatment (guiding prioritization and scheduling of the implementation of countermeasures) or for management reporting processes is essentially a choice of how tightly an organization wants to tie tactical decisions to the overall strategy.
Irrespective of the preferred option, the direction taken would naturally affect how the monitoring and review functions, along with management communication and consultation, would consume the calculated risk values and the updates in the aggregated representation (risk matrices, loss exceedance curves, or other models).

Closing remarks

This overview should help you to appreciate the potential of embedding threat modeling formally into the risk management process. The following article will use a simple concrete example to showcase the main ideas. We will start with one possible example of how to break down the above business risks into STRIDE threats. We will then review the primary considerations around constructing a risk evaluation function mapping to categorical likelihood and magnitude values, represented in an aggregate form by risk matrices.

References

Hopkin, P. (2017). Fundamentals of Risk Management: Understanding, evaluating and implementing effective risk management. London: Kogan Page.

Hubbard, D. W., & Seiersen, R. (2016). How to Measure Anything in Cybersecurity Risk. Hoboken, New Jersey: John Wiley & Sons Inc.

Shostack, A. (2009, August 27). The threats to our products. Microsoft SDL Blog.