White Papers

Go deeper with our comprehensive white papers

Featured: Process Flow Diagrams (PFDs) vs. Data Flow Diagrams (DFDs) in the Modern Threat Modeling Arena

Data flow diagrams (DFDs) have been the de facto approach to threat modeling in the Information Security profession. As IT development has moved towards rapid iterative modular development and deployment, the flaws that result from using DFDs have become painfully obvious. This white paper looks at some flaws and the advantages of moving to a more mature Process Flow Diagram (PFD) approach to threat modeling as a solution.

Some of the most valuable key points discussed are:

  • Engineering security into the early phases of an ever increasingly fast SDLC (proactive) rather than finding flaws to fix at the end (reactive).
  • Leveraging PFD-driven threat modeling, including in DevSecOps.
  • Using the Visual, Agile, Simple Threat Modeling (VAST) approach.
  • Overcoming False Positives, False Negatives and the False Sense of Security characteristic of DFD threat modeling.

ESG Report: Toward Threat Modeling As Code


ESG Report: DevSecOps Should Include Continuous Threat Modeling


451 Vanguard Report: Continuous, Cloud-Centric Threat Modeling Enables the Ultimate ‘Shift Everywhere’ Required by DevSecOps

Untitled Design (52)

DevSecOps Blueprint for Cybersecurity

5 Steps Cover

5 Steps to Building a Threat Modeling Program for The Cloud

7 Steps Cover

7 Steps for Building a Scalable Threat Modeling Process

Request a Live Demo

Automatically build threat models from code, with our proprietary, patent-pending feature