www.threatmodelingconnect.com
2600:9000:2057:9400:1a:443b:fb40:93a1  Public Scan

Submitted URL: https://threatmodellingconnect.com/
Effective URL: https://www.threatmodelingconnect.com/
Submission: On March 20 via api from US — Scanned from DE

Form analysis: 5 forms found in the DOM

<form>
  <div class="search-and-filter-wrapper"><span>
      <div class="algolia-search-container" role="combobox" aria-haspopup="listbox" aria-labelledby="downshift-3-label">
        <div class="algolia-search-container--empty-input">
          <div class="search-box"><input aria-label="Search" type="search" placeholder="Search" autocomplete="off" autocorrect="off" autocapitalize="off" class="search-box__input" aria-autocomplete="list" aria-labelledby="downshift-3-label"
              id="downshift-3-input"><button type="submit" aria-label="Enter" class="search-box__submit"><svg aria-hidden="true" width="16" height="16" class="" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
                <path
                  d="M15.5 14H14.71L14.43 13.73C15.41 12.59 16 11.11 16 9.5C16 5.91 13.09 3 9.5 3C5.91 3 3 5.91 3 9.5C3 13.09 5.91 16 9.5 16C11.11 16 12.59 15.41 13.73 14.43L14 14.71V15.5L19 20.49L20.49 19L15.5 14ZM9.5 14C7.01 14 5 11.99 5 9.5C5 7.01 7.01 5 9.5 5C11.99 5 14 7.01 14 9.5C14 11.99 11.99 14 9.5 14Z"
                  fill="currentColor"></path>
              </svg></button><button type="reset" aria-label="Clear search" class="search-box__reset" style="opacity: 0;"><svg aria-hidden="true" width="16" height="16" viewBox="0 0 16 16" fill="none" class="">
                <path
                  d="M8.00065 1.33334C4.31398 1.33334 1.33398 4.31334 1.33398 8.00001C1.33398 11.6867 4.31398 14.6667 8.00065 14.6667C11.6873 14.6667 14.6673 11.6867 14.6673 8.00001C14.6673 4.31334 11.6873 1.33334 8.00065 1.33334ZM11.334 10.3933L10.394 11.3333L8.00065 8.94001L5.60732 11.3333L4.66732 10.3933L7.06065 8.00001L4.66732 5.60668L5.60732 4.66668L8.00065 7.06001L10.394 4.66668L11.334 5.60668L8.94065 8.00001L11.334 10.3933Z"
                  fill="currentColor"></path>
              </svg></button></div>
        </div>
      </div>
    </span></div>
</form>

GET /search/index

<form method="get" action="/search/index">
  <div>
    <div class="search-and-filter-wrapper"><span>
        <div class="algolia-search-container" role="combobox" aria-haspopup="listbox" aria-labelledby="downshift-2-label">
          <div class="algolia-search-container--empty-input">
            <div class="search-box"><input aria-label="Search" type="search" placeholder="Search" autocomplete="off" autocorrect="off" autocapitalize="off" class="search-box__input" aria-autocomplete="list" aria-labelledby="downshift-2-label"
                id="downshift-2-input"><button type="submit" aria-label="Enter" class="search-box__submit"><svg aria-hidden="true" width="16" height="16" class="" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
                  <path
                    d="M15.5 14H14.71L14.43 13.73C15.41 12.59 16 11.11 16 9.5C16 5.91 13.09 3 9.5 3C5.91 3 3 5.91 3 9.5C3 13.09 5.91 16 9.5 16C11.11 16 12.59 15.41 13.73 14.43L14 14.71V15.5L19 20.49L20.49 19L15.5 14ZM9.5 14C7.01 14 5 11.99 5 9.5C5 7.01 7.01 5 9.5 5C11.99 5 14 7.01 14 9.5C14 11.99 11.99 14 9.5 14Z"
                    fill="currentColor"></path>
                </svg></button><button type="reset" aria-label="Clear search" class="search-box__reset" style="opacity: 0;"><svg aria-hidden="true" width="16" height="16" viewBox="0 0 16 16" fill="none" class="">
                  <path
                    d="M8.00065 1.33334C4.31398 1.33334 1.33398 4.31334 1.33398 8.00001C1.33398 11.6867 4.31398 14.6667 8.00065 14.6667C11.6873 14.6667 14.6673 11.6867 14.6673 8.00001C14.6673 4.31334 11.6873 1.33334 8.00065 1.33334ZM11.334 10.3933L10.394 11.3333L8.00065 8.94001L5.60732 11.3333L4.66732 10.3933L7.06065 8.00001L4.66732 5.60668L5.60732 4.66668L8.00065 7.06001L10.394 4.66668L11.334 5.60668L8.94065 8.00001L11.334 10.3933Z"
                    fill="currentColor"></path>
                </svg></button></div>
          </div>
        </div>
      </span></div>
  </div>
</form>

Name: register
POST /member/register

<form name="register" method="post" action="/member/register" class="form js-ajax-form--registration" novalidate="novalidate">
  <div class="js-notification ">
    <div class="box box__pad is-hidden">
      <ul></ul>
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label data-required="1" class="label required" for="register_user_username"> Username * </label>
    </div>
    <div class="second">
      <input type="text" id="register_user_username" name="register[user][username]" required="required">
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label data-required="1" class="label required" for="register_user_email"> E-mail address * </label>
    </div>
    <div class="second">
      <input type="email" id="register_user_email" name="register[user][email]" required="required">
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label data-required="1" data-private="1" data-private-label="Private" data-private-description="Only you and moderators can see this information" class="label" for="register_customfield_10"> First Name <div data-view="Tooltip"
          class="tooltip tooltip--day text--normal">
          <span class="text--meta tooltip-trigger js-tooltip-trigger" aria-haspopup="true">(Private)</span>
          <div class="tooltip__content tooltip__content--profile js-tooltip-content"><i class="arrow"></i> Only you and moderators can see this information </div>
        </div> * </label>
    </div>
    <div class="second">
      <input type="text" id="register_customfield_10" name="register[customfield][10]" data-minchar="" data-maxchar="1000" placeholder=" "
        data-labels="{&quot;single&quot;:&quot;{n} character left&quot;,&quot;plural&quot;:&quot;{n} characters left&quot;}">
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label data-required="1" data-private="1" data-private-label="Private" data-private-description="Only you and moderators can see this information" class="label" for="register_customfield_11"> Last Name <div data-view="Tooltip"
          class="tooltip tooltip--day text--normal">
          <span class="text--meta tooltip-trigger js-tooltip-trigger" aria-haspopup="true">(Private)</span>
          <div class="tooltip__content tooltip__content--profile js-tooltip-content"><i class="arrow"></i> Only you and moderators can see this information </div>
        </div> * </label>
    </div>
    <div class="second">
      <input type="text" id="register_customfield_11" name="register[customfield][11]" data-minchar="" data-maxchar="1000" placeholder=" "
        data-labels="{&quot;single&quot;:&quot;{n} character left&quot;,&quot;plural&quot;:&quot;{n} characters left&quot;}">
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label data-required="1" data-private="1" data-private-label="Private" data-private-description="Only you and moderators can see this information" class="label" for="register_customfield_5"> Company <div data-view="Tooltip"
          class="tooltip tooltip--day text--normal">
          <span class="text--meta tooltip-trigger js-tooltip-trigger" aria-haspopup="true">(Private)</span>
          <div class="tooltip__content tooltip__content--profile js-tooltip-content"><i class="arrow"></i> Only you and moderators can see this information </div>
        </div> * </label>
    </div>
    <div class="second">
      <input type="text" id="register_customfield_5" name="register[customfield][5]" data-minchar="" data-maxchar="1000" placeholder=""
        data-labels="{&quot;single&quot;:&quot;{n} character left&quot;,&quot;plural&quot;:&quot;{n} characters left&quot;}">
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label data-required="1" class="label" for="register_customfield_16"> Role * </label>
    </div>
    <div class="second">
      <select id="register_customfield_16" name="register[customfield][16]" class="userProfileFieldSelect">
        <option value=""></option>
        <option value="i_am_a_developer_devops_engineer_or_other_technical_team_member">I am a developer, DevOps engineer, or other technical team member</option>
        <option value="i_am_a_security_engineer_security_architect_or_other_security_team_member">I am a security engineer, security architect, or other security team member</option>
        <option value="i_am_a_technical_team_leader">I am a technical team leader</option>
        <option value="i_am_a_product_manager">I am a product manager</option>
        <option value="i_am_a_business_leader">I am a business leader</option>
        <option value="i_am_a_cybersecurity_leader">I am a cybersecurity leader</option>
        <option value="i_am_a_governance_and_compliance_leader">I am a governance and compliance leader</option>
        <option value="i_am_a_student">I am a student</option>
        <option value="other">Other</option>
      </select>
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label data-required="1" class="label" for="register_customfield_17"> Country * </label>
    </div>
    <div class="second">
      <select id="register_customfield_17" name="register[customfield][17]" class="userProfileFieldSelect">
        <option value=""></option>
        <option value="aaland_islands_s">Aaland Islands</option>
        <option value="afghanistan_s">Afghanistan</option>
        <option value="albania_s">Albania</option>
        <option value="algeria_s">Algeria</option>
        <option value="american_samoa_s">American Samoa</option>
        <option value="andorra_s">Andorra</option>
        <option value="angola_s">Angola</option>
        <option value="anguilla_s">Anguilla</option>
        <option value="antarctica_s">Antarctica</option>
        <option value="antigua_and_barbuda_s">Antigua And Barbuda</option>
        <option value="argentina_s">Argentina</option>
        <option value="armenia_s">Armenia</option>
        <option value="aruba_s">Aruba</option>
        <option value="australia_s">Australia</option>
        <option value="austria_s">Austria</option>
        <option value="azerbaijan_s">Azerbaijan</option>
        <option value="bahamas_s">Bahamas</option>
        <option value="bahrain_s">Bahrain</option>
        <option value="bangladesh_s">Bangladesh</option>
        <option value="barbados_s">Barbados</option>
        <option value="belarus_s">Belarus</option>
        <option value="belgium_s">Belgium</option>
        <option value="belize_s">Belize</option>
        <option value="benin_s">Benin</option>
        <option value="bermuda_s">Bermuda</option>
        <option value="bhutan_s">Bhutan</option>
        <option value="bolivia_s">Bolivia</option>
        <option value="bosnia_and_herzegowina_s">Bosnia and Herzegowina</option>
        <option value="botswana_s">Botswana</option>
        <option value="bouvet_island_s">Bouvet Island</option>
        <option value="brazil_s">Brazil</option>
        <option value="british_indian_ocean_territory_s">British Indian Ocean Territory</option>
        <option value="brunei_darussalam_s">Brunei Darussalam</option>
        <option value="bulgaria_s">Bulgaria</option>
        <option value="burkina_faso_s">Burkina Faso</option>
        <option value="burundi_s">Burundi</option>
        <option value="cambodia_s">Cambodia</option>
        <option value="cameroon_s">Cameroon</option>
        <option value="canada_s">Canada</option>
        <option value="cape_verde_s">Cape Verde</option>
        <option value="cayman_islands_s">Cayman Islands</option>
        <option value="central_african_republic_s">Central African Republic</option>
        <option value="chad_s">Chad</option>
        <option value="chile_s">Chile</option>
        <option value="china_s">China</option>
        <option value="christmas_island_s">Christmas Island</option>
        <option value="cocos_(keeling)_islands_s">Cocos (Keeling) Islands</option>
        <option value="colombia_s">Colombia</option>
        <option value="comoros_s">Comoros</option>
        <option value="congo_s">Congo</option>
        <option value="cook_islands_s">Cook Islands</option>
        <option value="costa_rica_s">Costa Rica</option>
        <option value="cote_d'ivoire_s">Cote D'Ivoire</option>
        <option value="croatia_s">Croatia</option>
        <option value="cuba_s">Cuba</option>
        <option value="cyprus_s">Cyprus</option>
        <option value="czech_republic_s">Czech Republic</option>
        <option value="denmark_s">Denmark</option>
        <option value="djibouti_s">Djibouti</option>
        <option value="dominica_s">Dominica</option>
        <option value="dominican_republic_s">Dominican Republic</option>
        <option value="ecuador_s">Ecuador</option>
        <option value="egypt_s">Egypt</option>
        <option value="el_salvador_s">El Salvador</option>
        <option value="equatorial_guinea_s">Equatorial Guinea</option>
        <option value="eritrea_s">Eritrea</option>
        <option value="estonia_s">Estonia</option>
        <option value="ethiopia_s">Ethiopia</option>
        <option value="falkland_islands_(malvinas)_s">Falkland Islands (Malvinas)</option>
        <option value="faroe_islands_s">Faroe Islands</option>
        <option value="fiji_s">Fiji</option>
        <option value="finland_s">Finland</option>
        <option value="france_s">France</option>
        <option value="french_guiana_s">French Guiana</option>
        <option value="french_polynesia_s">French Polynesia</option>
        <option value="french_southern_territories_s">French Southern Territories</option>
        <option value="gabon_s">Gabon</option>
        <option value="gambia_s">Gambia</option>
        <option value="georgia_s">Georgia</option>
        <option value="germany_s">Germany</option>
        <option value="ghana_s">Ghana</option>
        <option value="gibraltar_s">Gibraltar</option>
        <option value="greece_s">Greece</option>
        <option value="greenland_s">Greenland</option>
        <option value="grenada_s">Grenada</option>
        <option value="guadeloupe_s">Guadeloupe</option>
        <option value="guam_s">Guam</option>
        <option value="guatemala_s">Guatemala</option>
        <option value="guinea_s">Guinea</option>
        <option value="guinea-bissau_s">Guinea-Bissau</option>
        <option value="guyana_s">Guyana</option>
        <option value="haiti_s">Haiti</option>
        <option value="honduras_s">Honduras</option>
        <option value="hong_kong_s">Hong Kong</option>
        <option value="hungary_s">Hungary</option>
        <option value="iceland_s">Iceland</option>
        <option value="india_s">India</option>
        <option value="indonesia_s">Indonesia</option>
        <option value="iran_s">Iran</option>
        <option value="iraq_s">Iraq</option>
        <option value="ireland_s">Ireland</option>
        <option value="israel_s">Israel</option>
        <option value="italy_s">Italy</option>
        <option value="jamaica_s">Jamaica</option>
        <option value="japan_s">Japan</option>
        <option value="jordan_s">Jordan</option>
        <option value="kazakhstan_s">Kazakhstan</option>
        <option value="kenya_s">Kenya</option>
        <option value="kiribati_s">Kiribati</option>
        <option value="kuwait_s">Kuwait</option>
        <option value="kyrgyzstan_s">Kyrgyzstan</option>
        <option value="laos_s">Laos</option>
        <option value="latvia_s">Latvia</option>
        <option value="lebanon_s">Lebanon</option>
        <option value="lesotho_s">Lesotho</option>
        <option value="liberia_s">Liberia</option>
        <option value="libya_s">Libya</option>
        <option value="liechtenstein_s">Liechtenstein</option>
        <option value="lithuania_s">Lithuania</option>
        <option value="luxembourg_s">Luxembourg</option>
        <option value="macau_s">Macau</option>
        <option value="macedonia_s">Macedonia</option>
        <option value="madagascar_s">Madagascar</option>
        <option value="malawi_s">Malawi</option>
        <option value="malaysia_s">Malaysia</option>
        <option value="maldives_s">Maldives</option>
        <option value="mali_s">Mali</option>
        <option value="malta_s">Malta</option>
        <option value="marshall_islands_s">Marshall Islands</option>
        <option value="martinique_s">Martinique</option>
        <option value="mauritania_s">Mauritania</option>
        <option value="mauritius_s">Mauritius</option>
        <option value="mayotte_s">Mayotte</option>
        <option value="mexico_s">Mexico</option>
        <option value="micronesia_s">Micronesia</option>
        <option value="moldova_s">Moldova</option>
        <option value="monaco_s">Monaco</option>
        <option value="mongolia_s">Mongolia</option>
        <option value="montserrat_s">Montserrat</option>
        <option value="morocco_s">Morocco</option>
        <option value="mozambique_s">Mozambique</option>
        <option value="myanmar_s">Myanmar</option>
        <option value="namibia_s">Namibia</option>
        <option value="nauru_s">Nauru</option>
        <option value="nepal_s">Nepal</option>
        <option value="netherlands_s">Netherlands</option>
        <option value="netherlands_antilles_s">Netherlands Antilles</option>
        <option value="new_caledonia_s">New Caledonia</option>
        <option value="new_zealand_s">New Zealand</option>
        <option value="nicaragua_s">Nicaragua</option>
        <option value="niger_s">Niger</option>
        <option value="nigeria_s">Nigeria</option>
        <option value="niue_s">Niue</option>
        <option value="norfolk_island_s">Norfolk Island</option>
        <option value="north_korea_s">North Korea</option>
        <option value="northern_mariana_islands_s">Northern Mariana Islands</option>
        <option value="norway_s">Norway</option>
        <option value="oman_s">Oman</option>
        <option value="other_s">Other</option>
        <option value="pakistan_s">Pakistan</option>
        <option value="palau_s">Palau</option>
        <option value="palestina_s">Palestina</option>
        <option value="panama_s">Panama</option>
        <option value="papua_new_guinea_s">Papua New Guinea</option>
        <option value="paraguay_s">Paraguay</option>
        <option value="peru_s">Peru</option>
        <option value="philippines_s">Philippines</option>
        <option value="pitcairn_s">Pitcairn</option>
        <option value="poland_s">Poland</option>
        <option value="portugal_s">Portugal</option>
        <option value="puerto_rico_s">Puerto Rico</option>
        <option value="qatar_s">Qatar</option>
        <option value="reunion_s">Reunion</option>
        <option value="romania_s">Romania</option>
        <option value="russian_federation_s">Russian Federation</option>
        <option value="rwanda_s">Rwanda</option>
        <option value="saint_helena_s">Saint Helena</option>
        <option value="saint_kitts_and_nevis_s">Saint Kitts and Nevis</option>
        <option value="saint_lucia_s">Saint Lucia</option>
        <option value="saint_pierre_and_miquelon_s">Saint Pierre and Miquelon</option>
        <option value="saint_vincent_and_the_grenadines_s">Saint Vincent and the Grenadines</option>
        <option value="samoa_s">Samoa</option>
        <option value="san_marino_s">San Marino</option>
        <option value="sao_tome_and_principe_s">Sao Tome and Principe</option>
        <option value="saudi_arabia_s">Saudi Arabia</option>
        <option value="senegal_s">Senegal</option>
        <option value="serbia_and_montenegro_s">Serbia and Montenegro</option>
        <option value="seychelles_s">Seychelles</option>
        <option value="sierra_leone_s">Sierra Leone</option>
        <option value="singapore_s">Singapore</option>
        <option value="slovak_republic_s">Slovak Republic</option>
        <option value="slovakia_s">Slovakia</option>
        <option value="slovenia_s">Slovenia</option>
        <option value="solomon_islands_s">Solomon Islands</option>
        <option value="somalia_s">Somalia</option>
        <option value="south_africa_s">South Africa</option>
        <option value="south_korea_s">South Korea</option>
        <option value="spain_s">Spain</option>
        <option value="sri_lanka_s">Sri Lanka</option>
        <option value="sudan_s">Sudan</option>
        <option value="suriname_s">Suriname</option>
        <option value="swaziland_s">Swaziland</option>
        <option value="sweden_s">Sweden</option>
        <option value="switzerland_s">Switzerland</option>
        <option value="syrian_arab_republic_s">Syrian Arab Republic</option>
        <option value="taiwan_s">Taiwan</option>
        <option value="tajikistan_s">Tajikistan</option>
        <option value="tanzania_s">Tanzania</option>
        <option value="thailand_s">Thailand</option>
        <option value="timor-leste_s">Timor-Leste</option>
        <option value="togo_s">Togo</option>
        <option value="tokelau_s">Tokelau</option>
        <option value="tonga_s">Tonga</option>
        <option value="trinidad_and_tobago_s">Trinidad and Tobago</option>
        <option value="tunisia_s">Tunisia</option>
        <option value="turkey_s">Turkey</option>
        <option value="turkmenistan_s">Turkmenistan</option>
        <option value="turks_and_caicos_islands_s">Turks and Caicos Islands</option>
        <option value="tuvalu_s">Tuvalu</option>
        <option value="uganda_s">Uganda</option>
        <option value="ukraine_s">Ukraine</option>
        <option value="united_arab_emirates_s">United Arab Emirates</option>
        <option value="united_kingdom_s">United Kingdom</option>
        <option value="united_states_s">United States</option>
        <option value="united_states_minor_outlying_islands_s">United States Minor Outlying Islands</option>
        <option value="uruguay_s">Uruguay</option>
        <option value="uzbekistan_s">Uzbekistan</option>
        <option value="vanuatu_s">Vanuatu</option>
        <option value="vatican_city_state_(holy_see)_s">Vatican City State (Holy See)</option>
        <option value="venezuela_s">Venezuela</option>
        <option value="viet_nam_s">Viet Nam</option>
        <option value="virgin_islands_(british)_s">Virgin Islands (British)</option>
        <option value="virgin_islands_(u.s.)_s">Virgin Islands (U.S.)</option>
        <option value="wallis_and_futuna_islands_s">Wallis and Futuna Islands</option>
        <option value="western_sahara_s">Western Sahara</option>
        <option value="yemen_s">Yemen</option>
        <option value="zambia_s">Zambia</option>
        <option value="zimbabwe_s">Zimbabwe</option>
      </select>
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label data-required="1" class="label"> Experience in Threat Modeling * </label>
    </div>
    <div class="second">
      <div id="register_customfield_8"><input type="radio" id="register_customfield_8_0" name="register[customfield][8]" value="getting_started!_(under_2_years)"> <label for="register_customfield_8_0"> Getting started! (under 1 year) </label><input
          type="radio" id="register_customfield_8_1" name="register[customfield][8]" value="2-5_years"> <label for="register_customfield_8_1"> 1-5 years </label><input type="radio" id="register_customfield_8_2" name="register[customfield][8]"
          value="6+_years"> <label for="register_customfield_8_2"> 6+ years </label></div>
    </div>
  </div>
  <div class="form__row" style="display: none;">
    <div class="first">
      <label data-required="" class="label" for="register_customfield_12"> source </label>
    </div>
    <div class="second">
      <input type="text" id="register_customfield_12" name="register[customfield][12]" data-minchar="" data-maxchar="1000" placeholder=""
        data-labels="{&quot;single&quot;:&quot;{n} character left&quot;,&quot;plural&quot;:&quot;{n} characters left&quot;}">
    </div>
  </div>
  <div class="form__row" style="display: none;">
    <div class="first">
      <label data-required="" class="label" for="register_customfield_13"> medium </label>
    </div>
    <div class="second">
      <input type="text" id="register_customfield_13" name="register[customfield][13]" data-minchar="" data-maxchar="1000" placeholder=""
        data-labels="{&quot;single&quot;:&quot;{n} character left&quot;,&quot;plural&quot;:&quot;{n} characters left&quot;}">
    </div>
  </div>
  <div class="form__row" style="display: none;">
    <div class="first">
      <label data-required="" class="label" for="register_customfield_14"> campaign </label>
    </div>
    <div class="second">
      <input type="text" id="register_customfield_14" name="register[customfield][14]" data-minchar="" data-maxchar="1000" placeholder=""
        data-labels="{&quot;single&quot;:&quot;{n} character left&quot;,&quot;plural&quot;:&quot;{n} characters left&quot;}">
    </div>
  </div>
  <div class="form__row" style="display: none;">
    <div class="first">
      <label data-required="" class="label" for="register_customfield_15"> search engine </label>
    </div>
    <div class="second">
      <input type="text" id="register_customfield_15" name="register[customfield][15]" data-minchar="" data-maxchar="1000" placeholder=""
        data-labels="{&quot;single&quot;:&quot;{n} character left&quot;,&quot;plural&quot;:&quot;{n} characters left&quot;}">
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label data-required="1" class="label required" for="register_user_password"> Password * </label>
    </div>
    <div class="second">
      <input type="password" id="register_user_password" name="register[user][password]" required="required">
    </div>
  </div>
  <div class="form__row">
    <div class="first choices--stacked fancyselect">
      <input type="checkbox" id="register_terms" name="register[terms]" required="required" value="1">
      <label for="register_terms" class="required"> I accept the <a href="/site/terms" target="_blank" class="terms">
          terms &amp; conditions
        </a>
      </label>
    </div>
  </div>
  <div class="email_repeat" style="display: none;">
    <div class="form__row">
      <div class="first">
        <label class="label" for="register_email_repeat"> loginBox.register.email_repeat </label>
      </div>
      <div class="second">
        <input type="text" id="register_email_repeat" name="register[email_repeat]">
      </div>
    </div>
  </div>
  <button type="submit" id="register_submit" name="register[submit]" class="btn btn--cta btn--full-width"> Register <div class="loader"></div></button>
  <input type="hidden" id="register_is_invite" name="register[is_invite]">
  <input type="hidden" id="register__token" name="register[_token]" value="DGbANmLjN-BSC4ToiMlwu-GauAoDIj_0t9sKKoxoJK0">
</form>

Name: login
POST /member/login

<form name="login" method="post" action="/member/login" class="form js-ajax-form--login">
  <div class="js-notification">
    <div class="box box__pad is-hidden">
      <ul></ul>
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label class="label required" for="login_usernameOrEmail"> Username or Email Address </label>
    </div>
    <div class="second">
      <input type="text" id="login_usernameOrEmail" name="login[usernameOrEmail]" required="required">
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label class="label required" for="login_password"> Password </label>
    </div>
    <div class="second">
      <input type="password" id="login_password" name="login[password]" required="required">
    </div>
  </div>
  <div class="form__row" style="float: left;">
    <div class="first choices--stacked fancyselect">
      <input type="checkbox" id="login_remember" name="login[remember]" value="1">
      <label for="login_remember"> Remember me </label>
    </div>
  </div>
  <div class="box__pad box--note box--blend" style="float: right; padding: 13.5px 0px;">
    <a href="#" class="js-open-modal" data-modal="forgot" tabindex="-1">Forgot password?</a>
  </div>
  <button type="submit" id="login_submit" name="login[submit]" class="btn btn--cta btn--full-width"> Log in <div class="loader"></div></button>
  <div id="create_account">
    <h2>Create your account</h2>
    <p>Not a member yet? Become a member to join forum discussions, participate in community events and apply to write articles.</p><a id="create_account_btn" class="js-open-modal btn" data-modal="register">Create an account</a>
  </div>
  <input type="hidden" id="login__token" name="login[_token]" value="vw8MHqekTkTPhlVh2-Id3VvtHo5d5CbR_zuVuiYbfNo">
</form>

Name: forgotPassword
POST /member/forgotPassword

<form name="forgotPassword" method="post" action="/member/forgotPassword" class="form js-ajax-form--forgot" id="form--forgot__240760490">
  <div class="js-notification">
    <div class="box box__pad is-hidden">
      <ul></ul>
    </div>
  </div>
  <div class="form__row">
    <div class="first">
      <label class="label required" for="forgotPassword_username"> Username or e-mail </label>
    </div>
    <div class="second">
      <input type="text" id="forgotPassword_username" name="forgotPassword[username]" required="required">
    </div>
  </div>
  <div class="form-row first">
    <button type="submit" id="forgotPassword_submit" name="forgotPassword[submit]" class="btn btn--cta qa-submit-button"> Send <div class="loader"></div></button>
    <a href="#" class="group__item end js-open-modal qa-forgot-password-overview-link" data-modal="login">Back to overview</a>
  </div>
  <input type="hidden" id="forgotPassword__token" name="forgotPassword[_token]" value="tDGblT5Nw-Q-DXJbwfcXH_o5PhA1fot4b6attdbLt34">
</form>

Text Content

What does a mature security champion program look like?

(Fri, Mar 24, 3:00 PM)


Hackathon participant? Ask questions, get help from mentors, check out the
latest announcements in the hackathon group.



UPCOMING EVENT

Meetup: Fri, Mar 24, 3:00 PM

WHAT DOES A MATURE SECURITY CHAMPION PROGRAM LOOK LIKE?

Online event

40 members attending


CURRENT EVENT

MARCH 1 - 19, 2023




News



SPRING 2023 HACKATHON IN FULL SWING!



🎉 We just kicked off the Spring 2023 Hackathon this morning! Insecure design is
now listed as number 4 in the OWASP Top 10 Web Application Security Risks. In
recognition of International Women’s Day, our inaugural hackathon is designed
to promote data privacy early in the software development lifecycle.

With 70+ community members joining us live from all over the world at the Global
Kick-Off, we had an incredible morning together and enjoyed:

 * a delicious🍦 keynote speech by @Kim highlighting why the privacy posture of
   any software is more critical than ever and how “privacy by design” can be
   achieved through threat modeling
 * a story from @purpleanchovy illustrating how a system’s intended functions
   can be misused and hurt people and how threat modeling could help address
   that
 * a hands-on workshop led by @Chris Romeo that took us from performing threat
   modeling to a house, to an alarm system, and finally to a database
 * great collaboration among the hackathon teams facilitated by mentors @AviD
   @Jeroen V @jt.infosec @Brook Schoenfield in Chris' workshop
 * and... a professional DJ set by @aeftimie that connected all of us in a
   virtual room, taking away the barrier that the screens often become

📅 Schedule

 * March 1: Kick-Off: Keynote, Workshop: Security Threat Modeling
 * March 9: Workshop: Privacy Threat Modeling Framework
 * March 19: Submission Deadline
 * March 31: Winners Announced

🤩 Can’t wait to see what the teams will create over the next three weeks!




18 days ago

izar (Participating Frequently)
published in General Discussion

I'M IZAR TARANDACH - AND IF YOU HAVE QUESTIONS, I MAY HAVE ANSWERS! (Q&A)

Hi everyone, I’m Izar Tarandach, a Sr Staff Engineer at Datadog these days
helping develop security products. Previously, I helped Squarespace, Autodesk,
DellEMC RSA, IBM, and Bridgewater Associates design and implement product- and
enterprise-wide security solutions, offering guidance in the design and
implementation of secure systems and products. I’m also a co-author of "Threat
Modeling: A Practical Guide for Development Teams", O'Reilly with Matthew Coles,
and part of the "Threat Modeling Manifesto" band. I wrote the Continuous Threat
Modeling Handbook and lead the OWASP pytm project, the first (I think!)
threat-model-with-code framework out there. Currently I am looking into the
bridge between Observability and Security. I’m excited to talk about that,
secure development and engineering, threat modeling, careers in cybersecurity,
Threat Modeling Manifesto, my favorite movies, dogs, what is that funny fish and
anything in between. How it works: Add your questions below any t


2 days ago
Shuning (Community Manager)
posted in Welcome & Announcements

MEET & GREET YOUR PEERS 🤗

Hello, hola, hallo, guten tag, bonjour, shalom…community! One of the most
exciting parts of your journey in Threat Modeling Connect is the opportunity to
meet and work closely with the best and brightest (and kindest!) threat modeling
professionals around the world.

Let’s greet each other and share:

 * Where you work, live, and your current role
 * Your threat modeling experience, challenges, expertise - whether you’re just
   beginning or further down the journey, we’d love to hear more of your story
 * Where we can find you if you’re not threat modeling

We’ll get to know each other more along the way. This is just the beginning of
something great :)


4 days ago
Michael Bernhardt (Participating Frequently)
published in Articles

SELLING THE “YELLOW COW”: HOW TO SELL THREAT MODELING TO YOUR LEADERSHIP TEAM
BEYOND ITS SECURITY BENEFITS (ARTICLE)

The Yellow Cow is a picture by German artist Franz Marc (Source:
https://en.wikipedia.org/wiki/Yellow_Cow#/media/File:Franz_Marc-The_Yellow_Cow-1911.jpg).
In this artwork, Marc expressed the conflict between the inner and outer
perception of the world. Additionally, yellow stands for inspiration and power.
Leveraging this metaphor, let us explore how threat modeling, if implemented
successfully, can help put your organization in a stronger position beyond the
initial security goal. Threat modeling comes with cost and effort. It’s not
uncommon for organizations to pursue more cost-efficient paths as long as they
allow them to “check the box.” In my article “Becoming the Martian: How to
Scale Threat Modeling in Your Organization,” I have elaborated on why threat
modeling has not yet been a C-level topic in most companies. The article should
provide the arguments to justify a threat modeling program being the more
sustainable solution for your organization. Many organizations sta


4 days ago
madchap (New Participant)
asked in General Discussion

NPS FOR THREAT MODELING

Hello everyone! I am searching for ideas or experiment feedback on how to
gather a sort of TM “NPS score” as a measure on how well or not we’re doing with
our engineering teams. Hint: Sending MS Forms surveys doesn’t really work.
Looking past the “number of threat models performed”, “number of security work
items opened” (and maybe never worked on), etc… how would you measure the actual
value that is brought (or not) to various engineering teams as you educate/have
them perform threat modeling? As I am endeavoring in some development work to
create a custom Azure DevOps extension for NFRs to bring stuff in-band of
engineering teams (and ensure something more cyclic too), I have some
rough ideas, but would like to open the question to the experts :) Thanks!


6 days ago
JSnurka (New Participant)
posted in General Discussion

NIST MATURITY MOVER USING THREAT MODELING

My organization is working to move our NIST maturity and one of the ways my team
can help is in the area of Threat Modeling. There are some specific questions
around TM but it seems that NIST looks at Networking, Database and Application
Threat Modeling separately. To be honest, I didn’t know modeling was done in
different pillars but holistically. Here are a few of the NIST questions. I
would love feedback on how I can use a tool like IriusRisk to move the needle on
these.

 * Which of the following describe how network threat modeling is performed
   by the organization?
    * TM performed against network attack surfaces
    * Against data flow
 * What is the estimated % of all databases for which the organization
   performs threat modeling to identify and prioritize potential threats?
 * Which of the following describe the organization's implementation of threat
   modeling
    * #3 is focused on application
    * TM incorporated in SDLC

BTW - NIST defines SDLC as System Development Lifecycle


6 days ago
irene221b (Participating Frequently)
posted in General Discussion

ANYONE TRIED TO APPLY "COLLABORATIVE MODELING" IDEAS IN YOUR THREAT MODELLING?

https://freecontent.manning.com/better-software-development-with-collaborative-modeling/ -
I’ve come across this book and the ideas look very applicable to what we do with
threat modelling. Anyone familiar with these ideas? Have you tried it? Any other
thoughts?


9 days ago
zeroxten (New Participant)
asked in General Discussion

QUESTION ON REDDIT: THREAT MODELING SOMETIMES NOT THE BEST OPTION FOR ADDRESSING
SECURITY? REQUEST FOR COMMENTS

Sharing this from a post by u/RoAmbk on r/threatmodeling, I thought it would be
good to get this community’s input.

Hi, I sometimes need to help projects in the web/cloud domain, some of them are
green field projects. Threat modeling is a vital part of the SSDLC of these
projects. On the other hand, there are guidelines like OWASP Top 10, OWASP ASVS,
and many more that can help getting to a certain security level. I prefer to
first follow guidelines and only after these have been assessed, perform threat
modeling to detect risks and mitigate them. I had the experience that putting
threat modeling before assessing a guideline is not as effective for these kinds
of projects. On the other hand, threat modeling is best when assessing a very
custom solution like an embedded system with networked and legacy components. Do
you have some thoughts and comments? I would be very interested in your opinion.
Thank you

What do you think?

(source: https://www.reddit.com/r/threatmodeling/comments/10


13 days ago
shankarbabu (New Participant)
published in Guides

A STEP-BY-STEP GUIDE TO CREATE YOUR FIRST THREAT MODEL (TEMPLATE INCLUDED) (GUIDE)


17 days ago
Shuning (Community Manager)
published in Welcome & Announcements

SPRING 2023 HACKATHON IN FULL SWING! (NEWS)



18 days ago
Adam Shostack (Known Participant)
posted in General Discussion

WHAT MAKES TRUST BOUNDARIES A CHALLENGING CONCEPT?

I routinely hear people struggle. Perhaps it's been too long since I first
encountered it. Have you heard a good explanation of why it's hard? Do you have
one of your own? What helped you overcome it? How do you teach it, or elicit
boundaries when you’re leading threat modeling work?

19 days ago


FORUM

Validate ideas, share resources, and get feedback from your peers and experts


WELCOME & ANNOUNCEMENTS

 * 7 topics
 * 32 Replies


GENERAL DISCUSSION

 * 30 topics
 * 155 Replies




POPULAR TAGS

 * Threat Modeling Fundamentals
 * Community
 * Methodology
 * Why Threat Modeling
 * Enterprise TM Program
 * Stakeholder Engagement
 * Tooling

How to encourage the agile team to embrace threat modeling? How do I begin as a
developer? What’s the future of threat modeling?

Read Izar's answers

See the past Ask Me Anything (AMA) by Chris Romeo.




FEATURED TOPICS




Guide


EMBEDDING THREAT MODELLING IN THE DEVOPS LIFECYCLE (PART 1: BACKLOG MANAGEMENT)



If you’re part of this community, I’m sure you don’t have to be convinced of the
huge value that threat modelling can bring to teams and how it helps create
better and more secure software. However, I’ve often seen through my employee
and consultant career that HOW threat modelling outputs are managed in the
organisation is often at odds with the organisation dynamics, making it hard for
threat modelling to “stick” as a repeatable organisational practice.

This will be a two-part series, in which we’ll first talk about backlog
management practices and how they can make or break threat modelling, and in the
second part, we’ll talk about the often problematic relationship with risk
management practices which already exist.

In this blog, I’ll talk about a few patterns I’ve seen that can often have a
negative impact on your threat modelling activities, even though they sit
outside of it, in how they become integrated, or not, with backlog management
practices by the engineering teams.

 * Failure to build relationships and negotiate success with Product owners
 * Inability to aggregate results across the organisation and prove its value
 * Failure to connect to the compliance framework and objectives

Failure to build relationships and negotiate success with Product owners

I’ve seen many programmes where in the haste to prove its value, threat
modelling practices are overly focused on the Engineering teams, starting with
great and comprehensive training programmes to teach how to perform a particular
framework. Having experienced it, it tends to be short-lived or become something
done with little engagement. And often a big contributing factor to that lack of
engagement is that not enough effort was put into understanding the
organisational dynamics around what gets done or how prioritisations or
re-prioritisations are managed.

I’d highly advise interviewing and building great relationships with Product
Owners to understand how bugs are managed, previous instances of
re-prioritisations and how they came to be and how the teams handled them. This
should give you some insight into how security will (likely) either succeed or
fail.

This often means you need to pay attention to Agile / Scrum practices and if
they consider that threat modelling is something they should pay attention to.
What gets done when using these practices tends to be defined in “Definition of
Ready” and “Definition of Done”. I often propose that “Definition of Ready”
should establish the criteria by when threat modelling is actually required, and
it should be negotiated, not imposed. For instance, only new types of data
processing, or significant changes to architecture should warrant a threat
modelling session to be required, so the normal activities performed by teams
which don’t introduce any new patterns aren't burdened by the extra effort. If
you expect threat modelling to happen all the time, pretty quickly it tends not
to be done at all.

Inability to aggregate results across the organisation and prove its value

If we bring it up a level from Product teams, another challenge I’ve seen which
contributes to the lack of success of threat modelling in organisations is the
security team not focusing on acquiring the ability to have a 10,000-foot view
of how threat modelling is happening across the organisation.

To do this using the existing tooling that teams tend to use for backlog
management, like JIRA, you should find a way to use metadata that you can query
to make sense of how much threat modelling is actually happening, and what
tickets are being identified that mitigate identified threats. I like to say
that if the output of a threat modelling session wasn’t tickets in a team
backlog, then what you did was a nice chat, not a security practice.

There are 3 ways in which I’ve seen this attempted, each with pros and cons:

 * New issue type or project
 * Using labels
 * Using fields

Approach: New issue type or project
 * Pros:
    * Better flexibility and be more prescriptive in categorisation for
      vulnerability management or risk management
    * Easier to aggregate reporting
 * Cons:
    * It’s imposing on Engineering workflows
    * May reduce sense of ownership for those items by Engineering

Approach: Using labels
 * Pros:
    * Very easy to start
    * Allows for most flexibility and evolution of categorisation as practice
      evolves
    * Bulk retrospective changes are easy, as you evolve your threat modelling
      practice
 * Cons:
    * Very easy to mislabel, skewing results
    * Harder to ensure consistency
    * High dependency on team members remembering to do it

Approach: Using fields (within existing projects)
 * Pros:
    * Using fields with drop-downs makes for an easier user experience*
    * Easier to get the categorisations maintained centrally
 * Cons:
    * You need to convince teams to change their projects

* for instance, if you decide to create drop-downs relating to areas of ASVS

I would generally advise against creating new projects, even issue types, as
they tend to reduce the sense of ownership by Engineering. Using fields is
generally my preferred option. This will then allow you to aggregate reporting
easily, using for instance dynamic Confluence pages querying the JIRA data, that
you can use to aggregate results and not only see the status of threat modelling
activities across the organisation in real time, but be able to show Senior
Management that it’s an effective practice which is identifying and mitigating
threats.

Failure to connect to the compliance framework and objectives

Another challenge I’ve seen is the dark side of bottom-up adoption of threat
modelling, which is that if there aren’t good relationships between Compliance
and Engineering, the practices will be done in isolation without real benefit or
integration to the ISMS (Information Security Management System). This often
leads to the security engineering benefits brought by threat modelling being
disconnected from the Compliance programme and as such posing no actual benefit
to Compliance, which is crazy, but I’ve seen it more than once.

Sometimes, yes, I agree with what you’re thinking, if you bring Compliance to
co-design they’ll just overcomplicate it. But it’s a relationship worth putting
some effort in, for the mutual benefits it can bring to the organisation as a
whole. Ideas such as risk-informed threat modelling, where teams perform
dedicated threat modelling sessions to explore mitigations for identified risks,
are a good way to start bringing the teams together.

This bringing together can also be thought about from a categorisation
perspective, for instance, with drop-downs to ISO 27001 mappings or any other
relevant frameworks. You’ll certainly need to discuss who’s accountable to do
what and when, but that’s a contextual challenge where you need to figure out
what works, maybe even experiment.

Did you ever see these effects in your own organisation?

Being able to spot a pattern or organisation dynamics and how they interplay to
make work successful is something that those wishing to embed threat modelling
shouldn’t overlook if we’re aiming for success. If you’ve tried implementing
threat modelling in the past and couldn’t, and before thinking that threat
modelling failed you, consider first that you may have failed threat modelling
too.



4 months ago
Guide


A STEP-BY-STEP GUIDE TO CREATE YOUR FIRST THREAT MODEL (TEMPLATE INCLUDED)



 * Introduction: What is Threat Modeling
 * Threat Modeling versus Threat Intelligence
 * Threat Modeling alignment to NIST CSF
 * A Simple, Six-Step Approach to Threat Modeling
    * Step 1: Create an architecture diagram and label the artifacts
    * Step 2: List down each architectural component
    * Step 3: Identify and assign potential threats from STRIDE applicability
      matrix
    * Step 4: Describe threat description
    * Step 5: Propose risk mitigation plan
    * Step 6: Identify appropriate security controls from NIST CSF
 * Manual Threat Modeling Tool Using a Spreadsheet (Template)
 * References
 * Appendix 1: Primer to STRIDE framework
    * Threat Classifications
    * Threat Modeling Elements
    * STRIDE applicability to TM elements
 * Appendix 2: Sample Threat Models
    * SaaS application (public cloud hosted)

Introduction: What is Threat Modeling

A structured and repeatable process to identify threats and mitigate them
against valuable assets in a system. We cannot build secure systems until we
understand the applicable threats to our
applications/systems/platforms/infrastructure/services/APIs etc. Threat
Modeling involves (i) visually modeling a system (ii) identifying potential
threats (iii) validating and/or designing security controls to mitigate risk(s).

Threat Modeling versus Threat Intelligence

While both Threat Modeling (TM) and Threat Intelligence (TI) focus on
identifying threats in order to act on them or mitigate them, Threat Modeling
aligns well with the Security architecture/design portion of Secure Development
Lifecycle, whereas Threat Intelligence aligns well with security operations.
Threat Modeling is relevant to identifying threats in a particular
system/application/platform/service that we are building before that system is
deployed in production, whereas Threat Intelligence is relevant to a
comprehensive list of Threats to a whole organization with reference to systems
that are already in production/non-prod/pre-prod/laptops/desktops, etc.

Threat Modeling alignment to NIST CSF

Both Threat Modeling (TM) and Threat Intelligence (TI) map into the NIST CSF
Identify (ID) → Risk Assessment (ID.RA) category.

Function | Category | Sub-category
IDENTIFY (ID) | Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals. | ID.RA-3: Threats, both internal and external, are identified and documented

A Simple, Six-Step Approach to Threat Modeling

The following describes a simple six-step approach to perform threat modeling:

 1. Create an architecture diagram of the application/system by:
     * depicting each architectural component as one of the four threat
       modeling elements. Any architectural component which is not an
       actor/data flow/data store would be a process from the threat modeling
       perspective.
     * assign a number to each architectural component for each reference in
       later steps.
 2. List down each architectural component matching the assigned numbers or
    identifiers in the diagram (e.g. as rows in a spreadsheet) along with
    mapping to the corresponding threat modeling element those components fall
    into.
 3. For each such architectural component, duplicate the row as many times as
    there are applicable threats based on the STRIDE applicability matrix and
    assign an applicable threat for that component in each row. For example,
    for an actor, there would be two rows (one for Spoofing threat and second
    row for Repudiation threat, as there are two applicable threats as per
    STRIDE applicability matrix). Similarly, there would be four rows for a
    database, as there are four applicable threats for a data store.
 4. Think about how such a threat could make a contact or exploit a
    vulnerability in the component and manifest into a real risk to the
    application/system that is being threat modeled. Write down or explain the
    threat description in a simple sentence or two.
 5. Think about if the threat is real or not and how a set of security controls
    (one or many) that are already in place or going to be implemented could
    mitigate the potential risks. Propose such mitigation plan in a simple
    sentence or two.
 6. Identify the appropriate security control(s) from NIST CSF. Each such
    security control should be placed in the next column on the same row. Note
    that there could be many-to-many relationships between potential threats
    and possible mitigation controls (one security control may mitigate
    multiple threats and one threat may need multiple controls for risk
    mitigation).

Let's take a simple internet facing web application architecture to walk
through the six (6) steps described above.

Step 1: Create an architecture diagram and label the artifacts

Step 2: List down each architectural component

Artifact depicted in the diagram | TM Element
(1) Human user (customer/employee/partner) using a web browser | Actor
(2) Data flow between user/browser and web/app server | Data flow
(3) Web Application (app.organization.com) | Process
(4) Data flow between web/app server and database | Data flow
(5) Database | Data store

Step 3: Identify and assign potential threats from STRIDE applicability matrix

Artifact depicted in the diagram | TM Element | Applicable Threats (STRIDE Classification)
(1) Human user (customer/employee/partner) using a web browser | Actor | Spoofing
(1) Human user (customer/employee/partner) using a web browser | Actor | Repudiation
(2) Data flow between user/browser and web/app server | Data flow | Tampering
(2) Data flow between user/browser and web/app server | Data flow | Information disclosure
(2) Data flow between user/browser and web/app server | Data flow | Denial of service

Step 4: Describe threat description

Column groups: Analyze Model | Identify Threats

Artifact depicted in the diagram | TM Element | Applicable Threats (STRIDE Classification) | Threat description
(1) Human user (customer/employee/partner) using a web browser | Actor | Spoofing | An attacker could pretend to be a valid customer and try to access unauthorized details
(1) Human user (customer/employee/partner) using a web browser | Actor | Repudiation | An authorized user (e.g., w/ admin privs) might delete/edit customer data and could claim to have not performed that action
(2) Data flow between user/browser and web/app server | Data flow | Tampering | An attacker could modify data as it traverses internet to the web/app server
(2) Data flow between user/browser and web/app server | Data flow | Information disclosure | An attacker could sniff network traffic to read sensitive data in transit
(2) Data flow between user/browser and web/app server | Data flow | Denial of service | An attacker could launch DoS/DDoS to degrade the availability of a web application/service to users

Step 5: Propose risk mitigation plan

Artifact depicted in the diagram | TM Element | Applicable Threats (STRIDE Classification) | Threat description | How we plan to mitigate the risk(s)
(1) Human user (customer/employee/partner) using a web browser | Actor | Spoofing | An attacker could pretend to be a valid customer and try to access unauthorized details | Implemented or plan to implement strong authentication
(1) Human user (customer/employee/partner) using a web browser | Actor | Repudiation | An authorized user (e.g., w/ admin privs) might delete/edit customer data and could claim to have not performed that action | Implemented or plan to implement log monitoring for operations on sensitive data by users
(2) Data flow between user/browser and web/app server | Data flow | Tampering | An attacker could modify data as it traverses internet to the web/app server | Implemented or plan to implement encryption of data in-transit using strong cryptography
(2) Data flow between user/browser and web/app server | Data flow | Information disclosure | An attacker could sniff network traffic to read sensitive data in transit | Implemented or plan to implement encryption of data in-transit using strong cryptography
(2) Data flow between user/browser and web/app server | Data flow | Denial of service | An attacker could launch DoS/DDoS to degrade the availability of a web application/service to users | 1. Implemented or plan to implement firewalls at appropriate levels in the network to reduce the attack surface 2. Implemented secure network configuration

Step 6: Identify appropriate security controls from NIST CSF

Column groups: Analyze Model | Identify Threats | Mitigation Plan

Artifact depicted in the diagram | TM Element | Applicable Threats (STRIDE Classification) | Threat description | How we plan to mitigate the risk(s) | Relevant or applicable NIST CSF control(s)
(1) Human user (customer/employee/partner) using a web browser | Actor | Spoofing | An attacker could pretend to be a valid customer and try to access unauthorized details | Implemented or plan to implement strong authentication | PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)
(1) Human user (customer/employee/partner) using a web browser | Actor | Repudiation | An authorized user (e.g., w/ admin privs) might delete/edit customer data and could claim to have not performed that action | Implemented or plan to implement log monitoring for operations on sensitive data by users | PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy; DE.AE-3: Event data are collected and correlated from multiple sources and sensors
(2) Data flow between user/browser and web/app server | Data flow | Tampering | An attacker could modify data as it traverses internet to the web/app server | Implemented or plan to implement encryption of data in-transit using strong cryptography | PR.DS-2: Data-in-transit is protected
(2) Data flow between user/browser and web/app server | Data flow | Information disclosure | An attacker could sniff network traffic to read sensitive data in transit | Implemented or plan to implement encryption of data in-transit using strong cryptography | PR.DS-2: Data-in-transit is protected

For full threat model, refer to “Threat Model for 2-tier web app” worksheet at:
🔗 Template: Creating a Manual Threat Model in Six Steps (by Shankar Chebrolu)

Architecture diagrams are on the first worksheet “Architecture diagrams” for
additional reference.

Manual Threat Modeling Tool Using a Spreadsheet (Template)

The template for creating a threat model manually in six steps using a
spreadsheet is made available at the link below. The template could be
customized further to make it work with any security standard or framework
instead of NIST CSF or with an organization's internal security standard.

🔗 Template: Creating a Manual Threat Model in Six Steps (by Shankar Chebrolu)

References

 * Microsoft Security Development Lifecycle
 * Introduction to Microsoft SDL Threat Modeling
 * Threat Modeling - Designing for Security
 * Securing Systems - Applied Security Architecture and Threat Models

Appendix 1: Primer to STRIDE framework

Threat Classifications

There are six classifications of Threats dubbed as STRIDE (Spoofing, Tampering,
Repudiation, Information disclosure, Denial of service, Elevation of privilege)
as described below. The STRIDE approach to threat modeling was invented in 1999.

Threat Classification | Definition | Sample Threats | Desired security control to mitigate the threat | Risk mitigation solution
Spoofing | Impersonating something or someone else | Pretending to be a valid user or server | Authentication | Enforce strong authentication techniques like 2FA for human authentication, client certs for non-human (API) clients
Tampering | Modifying data/code unauthorized | Modifying code (or library) on a system / data on disk | Integrity | Enforce strong cryptography/hashing
Repudiation | Claiming to have not performed an action | Remove record of modification of a file / resource | Non-Repudiation | Enforce logging on key events of interest. Use digital signatures
Information disclosure | Exposing information to someone not authorized | Gathering sensitive information from log files | Confidentiality | Enforce strong cryptography/encryption
Denial of service | Deny or degrade service to legitimate / | Crashing a website | Availability | Use Throttling to control resource usage or design/build resiliency at the server level
Elevation of privilege | Gain capabilities without proper authorization | Allowing remote user to run commands, switch from a limited user to admin | Authorization | Enforce principle of least privilege

Threat Modeling Elements

There are four elements used in Threat Modeling:

 * Actor - Users (typically human users, but don't need to be. It could be
   clients like browsers or devices with IP address or physical address)
 * Data Store - Databases, File systems, LDAP, Cookies, Memory-Cache
 * Data Flow - HTTPS, IPSEC, RPC
 * Process (runs code) - Web application/service, OS process, VM/Host/Server

STRIDE Applicability to TM Elements

Not all the threats apply to every element in the architecture diagram. Matrix
of the applicability of threats to actors is shown in the table below:

           | Spoofing | Tampering | Repudiation | Information Disclosure | Denial of service | Elevation of privilege
Actor      |    X     |           |      X      |                        |                   |
Data store |          |     X     |      X      |           X            |         X         |
Data flow  |          |     X     |             |           X            |         X         |
Process    |    X     |     X     |      X      |           X            |         X         |           X

Appendix 2: Sample Threat Models

SaaS Application (Public Cloud Hosted)

Refer to the “Threat Model for SaaS application” worksheet:
🔗 Template: Creating a Manual Threat Model in Six Steps (by Shankar Chebrolu)




4 months ago
Guide


A GUIDE TO EMBEDDING THREAT MODELING IN RISK MANAGEMENT (PART 1)



Overview Why bother about risk management Review of the risk management process 
Establishing the context Risk assessment  Risk identification Risk analysis Risk
evaluation Risk Treatment and Reporting Closing remarks References Overview
Showing the benefits of threat modeling to management less invested in cyber security topics is notoriously hard, as the added value of security, in general, is hard to communicate unless an incident happens. However, the situation can be significantly improved by regularly relating the threat model outcomes to the risk concepts the business understands and feels accountable for. The trick is to show that the threat modeling findings are not abstract or hypothetical technical scenarios but rather factors that contribute to high-level business risks and thus increase the chance of failing to meet the defined business goals. Budget is, after all, tied to reaching these goals. This is especially true when factoring in the resources needed to scale the process or to conduct it as a regular activity by a single team.

One efficient way of creating stakeholder engagement in such a situation is to embed threat modeling in the organization’s risk management (RM) process. Risk management is fundamentally about systematically assessing risks that jeopardize management goals and priorities. Embedding threat modeling in the risk management process is your opportunity to re-frame management perception about the process and highlight how it adds significant value to upper management:

 * establishing a connection between the business risks and the technical risks
 * capturing the contribution of various technical threats to the business risks
 * creating transparency on the amount of risk that was accepted implicitly before performing threat modeling
 * showing the ROI of threat modeling by tying it to risk concepts that are expressed quantitatively

By re-positioning TM as an essential activity integrated into the broader RM process, you reframe the perspective on threat modeling to something the business side appreciates for its added value in reaching their own goals instead of merely accepting the importance of security. This appreciation can make the difference between getting adequate resources for maintaining and scaling the TM process or being (constantly) under-prioritized in favor of, say, feature stories – even though nobody would openly debate the importance of security.

In Part I, we start with a quick overview of a general risk management (RM) process and give a strategic perspective on some of the considerations about embedding threat modeling in the RM process as a regular activity.

In Part II, we demonstrate the basic idea of embedding an example set of STRIDE (Shostack, 2009) findings into a reasonably traditional RM process using standard RM techniques like the FIRM (Hopkin, 2017, pp. 135-138) framework for identifying business risks and risk matrices to measure (changing) risk levels. Whether you use STRIDE in your organization is of minor relevance. We primarily use it as a relatively lightweight method, and we do not want to get lost in threat modeling details for this article, our goal being mostly to demonstrate the core ideas with rudimentary – and to be improved – models.

Part III addresses some of the shortcomings of the initial models by introducing more advanced quantitative risk models.

Part IV finishes this journey with possible approaches to scale by incorporating quantitative risk models with modern threat model representations like the Open Threat Model format.

Why bother about risk management

Unfortunately, the communicated strategic business goals are often too high-level to relate the potential benefits of threat modeling to them directly. Doing so, you would end up with arguments like “TM helps to create an improved customer experience by incorporating security into the user journey and thus contributes to reaching the strategic goal of increased customer satisfaction.” Such statements might be accurate, but most probably will not be enough to get your case organizational support (i.e., budget & other resources). Instead, it would help if you could weave the TM activities into how your organization breaks down these strategic goals internally and identifies the risks associated with them from a management perspective. Once you achieve this, the strategic goals that management efficacy is measured against become your leverage in positioning TM as a crucial effort in reaching business goals. As it turns out, one effective way to implement this strategy is to follow the risk management process the organization already uses and create connections with the established steps.

Since, on a high level, risk management processes look pretty similar, we will adopt the ISO 31000 terminology for the sake of this article. The high-level illustration of ISO 31000 presented in Figure 1, borrowed from (Hopkin, 2017, p. 79), gives us just enough understanding of a typical risk management process for our purposes. ISO 31000 is a general enough framework, so you might find similarities when reviewing the RM methods implemented in your company, even if it is formally not ISO 31000 compliant.

Figure 1: An illustration of the ISO process as presented in (Hopkin, 2017, p. 79)

Review of the risk management process

Now that we have motivated why one should think about threat modeling in a broader risk management context, let’s review, on a high level, the steps an RM process uses, to build some understanding of the process we would like to embed threat modeling into.

Establishing the context

A typical risk management process starts with a step that ISO 31000 calls “establishing the context.” This step, or its equivalent, describes the internal and external factors your management considers relevant. The external context mainly considers the local and global market situation, political landscape, and regulatory requirements. In comparison, the internal context addresses considerations like financial goals and limitations or various effects of strategic decisions like adopting a cloud-first strategy.

This is where management states what they care about from the context they operate in. Aspects that are recognized here will guide the subsequent steps in the process.

Risk assessment

This is the part of an RM process where we need to concentrate most of our efforts on establishing threat modeling as an integral part of the risk management process. It comprises essential risk identification, analysis, and evaluation activities. Our goal is to show that threat modeling not only has similarities with these steps but can also be used as an implementation of these activities in a software development context.

Risk identification

Building upon the factors listed in the previous step, establishing the context, the risk identification part of the risk management process deals with systematically enumerating the business risks derived from the elements of the external and internal context.

It could feel tempting to position threat modeling as the developer team’s equivalent of the risk identification activity. The one identifies business risks, the other technical threats. Aren’t these just the same thing under a different name? Well, not exactly. There is plenty of discussion on the subtle differences between threats and risks that we cannot cover here. However, there is one aspect that has some significance for the question of how to embed threat modeling into risk management: the external and internal context based on which an RM process derives the business risks is relatively static compared to the typical 2 - 4 weeks long development cycle. Admittedly, some threats, likely those derived from core architecture and business features, are most probably present throughout the product lifetime. Nevertheless, there is still an inherent difference in the dynamics by which threats are potentially uncovered by the threat modeling activities vs. the relevance of business risks, which are usually reassessed during the yearly business planning activities.

Even though the list of initially identified threats based on planned core features and architecture will likely not change heavily during iterations, a new threat will likely be uncovered during the TM of a new feature, which contributes to risk, thus changing the overall risk profile. This observation has two practical implications for us:

 * business risks are not equivalent concepts to the technical threats TM deals with
 * there is potentially a significant difference in the dynamics of the process used to identify risks vs. those that are supposed to identify threats

We must find ways to account for these aspects when mapping business risks and threats later on, but let’s note that the mapping is not straightforward and probably should happen elsewhere in the process.

Many companies use the finance, infrastructure, reputation, and marketplace (FIRM) classification for risk identification (Hopkin, 2017, p. 165). Since we need a simple RM process example to demonstrate how to embed TM, this will do perfectly. Using this methodology, a company could arrive at a list of risks like the following:

Reputational risks:

 * customer acquisition roadmap jeopardized by brand damage
 * compliance risk concerns over the quality of the product

Marketplace risks: We consider this category out of scope. Typically, product teams would perform threat modeling and focus on cyber security threats.

The financial risk of the internal context to be addressed by the team:

 * fraud risk

Infrastructure risks of the internal context to be addressed by the team:

 * insufficient resilience of the system
 * insufficient data protection

As you can see, this list does not focus on technical issues but emphasizes business priorities. This is common for a general RM process’s list of identified risks. Their job is, after all, to guide management. Ours is to show how the threat modeling process contributes to the efforts devoted to mitigating these business risks and that the technical threats TM uncovers are not somehow confined to a business realm: the connection is there, and the contribution can be made visible with the very same tools the RM team uses otherwise to express and measure risk levels.

Risk analysis

Most risk management process implementations have a section that breaks down the identified risks. Consequences are enumerated, and likelihood and magnitude criteria are outlined for various risk levels in the case of qualitative risk representations, or probability and some quantitative measure (loss in dollars, for example) in case a quantitative model is preferred. The function you use to assign a specific value to your risks will be referred to as the risk function. As this section naturally deals with the technicalities of analyzing risks identified earlier, this is the suitable part of the RM process to introduce TM by establishing the mapping between business risks and technical threats.

As mentioned previously, our preferred strategy is establishing a mapping hierarchy between business risks and technical threats, where possibly several threats contribute to one business risk. Mapping a set of threats to given risks allows that set to change over time; see the consideration above regarding risk vs. threat dynamics. Also, it provides us with a conceptual bridge from risk levels through a set of threats that contribute to that risk down to vulnerabilities (for the sake of this discussion, let’s treat vulnerabilities simply as concrete manifestations of a threat). In practical terms, this means that the risk function will be applied to a risk and its associated threats and will evaluate to the value of that risk given those threats. The effect of implementing mitigations is expressed simply by a reduced risk value. This will be at the heart of many design considerations in the example approaches and their evaluation presented in subsequent articles (Part II and Part IV).

Risk evaluation

The risk evaluation step takes the risks identified earlier and evaluates them against the function used to calculate the magnitude and likelihood values of the risk (or any other representation of the risk values). These risk values are then displayed in a format adequate to the model chosen earlier: a risk matrix is a common choice for visualizing qualitative data, and a loss exceedance curve is a popular choice (Hubbard & Seiersen, 2016) to visualize and evaluate probabilistic representations. To account for the effect of various mitigation options, different risk values are calculated for each risk with different mitigations applied. The risk level without any mitigations is usually referred to as inherent risk, while the reduced risk level after applying specific mitigations is the projected risk. The differences between the projected risk values can be compared to give one way to guide the process of selecting the most appropriate mitigation.

An exciting aspect of the activities in the evaluation step is when, or rather how often, they would happen: would the risk values be calculated and overall representations updated during (or rather tied to) the threat modeling sessions (again more dynamic in nature), or rather less frequently as part of a more strategic evaluation process? After all, a team does not necessarily need to take into account the effect of changes in the global risk landscape when deciding the order of local work units (implementing countermeasures).

Risk Treatment and Reporting

The threat modeling equivalent of the risk treatment step of a general RM framework would be the implementation of the defined countermeasures and mitigations. One could argue that to work down your list of countermeasures, total risk evaluation is not necessarily needed; the decision could be guided by engineering input on resources, urgency, or other factors. You could see risk value changes captured in risk matrices or loss exceedance curves as information to drive more strategic decisions. It would be, for example, perfectly relevant input at budgeting discussions when one would consider what budget and comprehensive resources to allocate for the next budgeting period, given the contribution of cyber security threats to the overall business risk landscape. In other organizational contexts, the risk value changes could be used to guide the team locally, make more tactical decisions, and thus directly influence, for example, work prioritization.

To what extent risk evaluation outcomes are used as input for risk treatment - guiding prioritization and scheduling of the implementation of countermeasures - or management reporting processes is essentially a choice of how tightly an organization wants to tie tactical decisions to the overall strategy.
Irrespective of the preferred option, the direction taken would naturally affect how the monitoring and review functions, along with the management communication and consultation, would consume the calculated risk values and updates in the aggregated representation (risk matrices, loss exceedance curves, or other models).

Closing remarks

This overview should help you appreciate the potential of embedding threat modeling formally into the risk management process. The following article will use a simple concrete example to showcase the main ideas. We will start with one possible example of how to break down the above business risks to STRIDE threats. We will then review the primary considerations around constructing a risk evaluation function mapping to categorical likelihood and magnitude values represented in an aggregate form by risk matrices.

References

 * Hopkin, P. (2017). Fundamentals of Risk Management - Understanding, evaluating and implementing effective risk management. London: Kogan Page.
 * Hubbard, D. W., & Seiersen, R. (2016). How to Measure Anything in Cybersecurity Risk. Hoboken, New Jersey: John Wiley & Sons Inc.
 * Shostack, A. (2009, August 27). The threats to our products. Microsoft SDL Blog.




4 months ago
1950



2022 Threat Modeling Connect. All Rights Reserved.
