Why You Should do Threat Modeling to Protect Your APIs

Why You Should do Threat Modeling to Protect Your APIs

When it comes to protecting your attack surface, there’s hardly anything more challenging than APIs. After all, APIs are your way of granting public access to data you’re responsible for protecting. And if you’re going to have a public-facing door to your data, you’d...
Cybersecurity Tool Bloat—Yeah it’s a Thing

Cybersecurity Tool Bloat—Yeah it’s a Thing

Listen to any cybersecurity tool vendor and they’ll try to convince you of two things. You need their type of product for protection and theirs is the best of breed. And most of them can be very persuasive. The result? Lots of unused (and often unneeded) security...
A Quick Overview of When to Threat Model

A Quick Overview of When to Threat Model

It’s easy to think of threat modeling as something developers do during the DevOps process to ensure a safe application. And that’s certainly true. To that end, threat modeling is something you do when developing an application. But that’s not the only time you should...
How Threat Modeling Can Help Minimize Your Application’s Blast Radius

How Threat Modeling Can Help Minimize Your Application’s Blast Radius

Any piece of code can have a vulnerability. Whether application code or infrastructure code, errors, oversights and misconfigurations happen. The question developers must answer is, how many negative outcomes an attacker could realize because of that vulnerability....
ThreatModeler: Year in Review

ThreatModeler: Year in Review

As 2022 comes to an end, we’ve definitely seen some major themes emerge with regard to threat modeling. In this year in review, we discuss some of the more important ones. The Ever Expanding Scope of Threat Modeling Perhaps the most recurrent theme in 2022 was the...