Threat Model Reference Guide

June 30, 2019

An up to date collection of useful conference talks, articles, tools, resources and books to learn different Threat Modeling techniques.

Conference Talks

Rapid Threat Modeling - Akshay Aggarwal - Blackhat USA (2005)
Elevation of Privilege: The easy way to threat model - Adam Shostack - Blackhat (2010)
Threat Modeling Best Practices - Robert Zigweid - AppSecUSA (2010)
Threat Modeling: Lessons from Star Wars - Adam Shostack - Brucon (2014)
Incremental Threat Modeling - Irene Michlin - AppSecEU (2017)
Threat Modeling with PASTA - Tony UcedaVelez - AppSecEU (2017)
Value Driven Threat Modeling - Avi Douglen - AppSecUSA (2018)
Threat Modeling Toolkit - Jonathan Marcil - AppSecCali (2018)
Lessons From The Threat Modeling Trenches - Brook Schoenfield - AppSecCali (2018)
Threat Model as Code - Abhay Bhargav - AppSecUSA (2018)
Threat Modeling at speed and scale - Stuart Winter-Tear - DevSecCon London (2018)
Threat Modeling: uncover vulnerabilities without looking at code - Chris Romeo - NDC (2018)
Threat Modeling in 2018 - Adam Shostack - Blackhat USA (2018)
Threat Modeling in 2019 - Adam Shostack - RSA Conference (2019)
Offensive Threat Models Against the Supply Chain - Tony UcedaVelez - AppSecCali (2019)
Threat Model Every Story: Practical Continuous Threat Modeling Work for Your Team - Izar Tarandach - AppSecCali (2019)
Game On! Adding Privacy to Threat Modeling - Adam Shostack, Mark Vinkovits - AppSecCali (2019)