White Papers

Go deeper with our comprehensive white papers

Featured: Process Flow Diagrams (PFDs) vs. Data Flow Diagrams (DFDs) in the Modern Threat Modeling Arena

Data flow diagrams (DFDs) have been the de facto approach to threat modeling in the Information Security profession. As IT development has moved towards rapid iterative modular development and deployment, the flaws that result from using DFDs have become painfully obvious. This white paper looks at some flaws and the advantages of moving to a more mature Process Flow Diagram (PFD) approach to threat modeling as a solution.

Some of the most valuable key points discussed are:

  • Engineering security into the early phases of an ever increasingly fast SDLC (proactive) rather than finding flaws to fix at the end (reactive).
  • Leveraging PFD-driven threat modeling, including in DevSecOps.
  • Using the Visual, Agile, Simple Threat Modeling (VAST) approach.
  • Overcoming False Positives, False Negatives and the False Sense of Security characteristic of DFD threat modeling.
3

ESG Report: Toward Threat Modeling As Code

2

ESG Report: DevSecOps Should Include Continuous Threat Modeling

1

451 Vanguard Report: Continuous, Cloud-Centric Threat Modeling Enables the Ultimate ‘Shift Everywhere’ Required by DevSecOps

Untitled Design (52)

DevSecOps Blueprint for Cybersecurity

5 Steps Cover

5 Steps to Building a Threat Modeling Program for The Cloud

7 Steps Cover

7 Steps for Building a Scalable Threat Modeling Process

Request a Live Demo

Automatically build threat models from code, with our proprietary, patent-pending feature

THREATMODELER NEWS & BLOG

ThreatModeler

ThreatModeler revolutionizes threat modeling during the design phase by automatically analyzing potential attack surfaces. Harness our patented functionalities to make critical architectural decisions and fortify your security posture.

Learn more >

CloudModeler

Threat modeling remains essential even after deploying workloads, given the constantly evolving landscape of cloud development and digital transformation. CloudModeler not only connects to your live cloud environment but also accurately represents the current state, enabling precise modeling of your future state

Learn more >

IaC-Assist

DevOps Engineers can reclaim a full (security-driven) sprint with IAC-Assist, which streamlines the implementation of vital security policies by automatically generating threat models through its intuitive designer.

Learn more >