- OAuth 2.0 - https://datatracker.ietf.org/doc/html/rfc6819
- SSL - https://www.ssllabs.com/downloads/SSL_Threat_Model.png
- DNSSEC, DoT, and DoH - https://www.netmeister.org/blog/doh-dot-dnssec.html
- AMPS and SNAP Medical Systems - https://www.mitre.org/sites/default/files/publications/Playbook-for-Threat-Modeling-Medical-Devices.pdf (page 3 and 49)
- Kubernetes
- https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model
- https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF (page 5)
- https://cloudsecdocs.com/container_security/theory/threats/k8s_threat_model/
- https://github.com/accuknox/k8sthreatmodeling
- Trinity Wallet - https://github.com/juliocesarfort/public-pentesting-reports/tree/master/COMSATS_Islamabad-CyberSecurityLab
- Docker - https://cloudsecdocs.com/container_security/theory/threats/docker_threat_model/
- Container - https://github.com/krol3/container-security-checklist#container-threat-model
- Contact Tracing Application - https://www.linkedin.com/pulse/threat-modeling-contact-tracing-applications-jakub-kaluzny/
- Web Application - https://owasp.org/www-community/Threat_Modeling_Process by OWASP
- Mobile Applications
- Amazon S3 - https://controlcatalog.trustoncloud.com/dashboard/aws/s3#Data%20Flow%20Diagram
- Remote Work - https://www.fireeye.com/blog/executive-perspective/2020/03/remote-work-in-an-age-of-covid-19-threat-modeling-the-risks.html
- ROS 2 Robotic System
- Web-based User Feedback System - https://safecode.org/wp-content/uploads/2017/05/SAFECode_TM_Whitepaper.pdf (page 16)
- Authentication for the Internet of Things (IoT) - https://safecode.org/wp-content/uploads/2017/05/SAFECode_TM_Whitepaper.pdf (page 18)
- Supply Chain - https://www.youtube.com/watch?v=EHx_-u3JH8Q
- Password Storage Module (PSM) - https://owasp.org/www-pdf-archive//Secure_Password_Storage.pdf
- PCI - https://shostack.org/files/papers/A_PCI_Threat_Model_2020.pdf by Adam Shostack
- Certificate Transparency -https://datatracker.ietf.org/doc/html/draft-ietf-trans-threat-analysis-16
- Account Takeover (ATO) - https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg
- Password Managers - https://crypto.stanford.edu/~dabo/pubs/papers/pwdmgrBrowser.pdf (page 5)
- Future E-voting System - https://www.reversemode.com/2022/01/finding-vulnerabilities-in-swiss-posts.html?m=1#AttackSurface
- AWS Fargate - https://sysdig.com/blog/ecs-fargate-threat-modeling/
- Human - https://github.com/JWWeatherman/human_threat_model
- Smart Home - https://github.com/kkredit/smart-home-threat-model
- OpenStack
- Bitcoin - https://github.com/JWWeatherman/bitcoin_security_threat_model
- Cloud Computing
- IoT Devices - https://www.psacertified.org/development-resources/building-in-security/threat-models/
- Asset Tracker
- Smart Water
- Network Camera
- CI/CD Pipeline
- Firmware
-
Notifications
You must be signed in to change notification settings - Fork 55
TalEliyahu/Threat_Model_Examples
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
About
Collection of Threat Models
Topics
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published