Awesome Threat Modelling: A Curated List of Security Resources

Awesome Threat Modelling: A Curated List of Security Resources

Summary

Awesome Threat Modelling is a comprehensive GitHub repository offering a curated list of resources for learning and practicing threat modeling. It includes books, courses, videos, tools, and tutorials, making it an invaluable guide for anyone interested in security review and DevSecOps. This repository serves as an excellent starting point for both beginners and experienced professionals looking to enhance their security understanding.

Repository Info

Updated on February 26, 2026
View on GitHub

Tags

threat-modelingappsecdevsecopssecurity-reviewawesome-listDockerfilesecurityresources

Click on any tag to explore related repositories

Introduction

The awesome-threat-modelling repository, maintained by hysnsec, is an extensive collection of resources dedicated to threat modeling. It aims to provide a centralized hub for anyone looking to learn or deepen their understanding of threat modeling and initial phases of security review. The list is carefully curated, covering a wide range of materials from foundational concepts to practical tools and real-world examples.

How to Use

To leverage the wealth of information in Awesome Threat Modelling, simply navigate to the repository's README.md file on GitHub. The README is meticulously organized into sections such as Fundamentals, Books, Courses (free and paid), Videos, Tutorials and Blogs, Threat Model Examples, and Tools. You can browse these sections to find relevant resources based on your learning needs or specific interests in threat modeling. Contributions are also welcome, allowing the community to continuously improve and expand this valuable resource.

Examples

The repository offers a diverse set of examples across various categories:

  • Books: Includes essential reads like "Threat Modeling: Designing for Security" by Adam Shostack and "Threat Modeling" by Frank Swiderski.
  • Courses: Features free options such as "Threat Modeling Security Fundamentals" by Microsoft and paid certifications like "Certified Threat Modeling Professional" by Practical DevSecOps.
  • Tools: Showcases open-source tools like OWASP Threat Dragon and Microsoft Threat Modeling Tool, alongside commercial solutions like Iriusrisk.
  • Threat Model Examples: Provides practical insights with examples like the "OAuth 2.0 Threat Model and Security Considerations" and the "Kubernetes Threat Model."

Why Use Awesome Threat Modelling?

This repository is an indispensable resource for several reasons. It consolidates a vast amount of information, saving users time and effort in searching for reliable threat modeling materials. The curated nature ensures quality and relevance, while the categorization makes it easy to find specific types of resources. Whether you are a student, a developer, a security analyst, or a DevSecOps engineer, awesome-threat-modelling provides a structured pathway to enhance your skills in identifying, understanding, and mitigating security threats in software and systems.

Links