S1E05 - Threat Modeling

Welcome to the Boring AppSec Podcast! In Episode 5, we dig deep into what threat modeling is from a practitioner's perspective. We compare it with design reviews and discuss when/how/why of threat modeling. In the end, we wrap up by talking about how Gen AI could help threat modeling significantly.

References:

We will try and add information about all the references we make here. Please enter rabbit holes at will :) 

• Threat modeling manifesto - Threatmodelingmanifesto.org

• STRIDE framework - https://en.wikipedia.org/wiki/STRIDE_(security) 

• Tools for threat modeling

• ⁠https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool⁠
• ⁠https://www.iriusrisk.com/threat-modeling/freemium⁠
• ⁠https://owasp.org/www-project-threat-dragon/⁠
• ⁠https://excalidraw.com/⁠
• ⁠https://www.securitycompass.com/sdelements/⁠

• Talks on threat modeling
• https://www.youtube.com/watch?v=KGy_KCRUGd4⁠ 
• ⁠https://www.youtube.com/watch?v=wVSyqFdO-D8⁠ 

• Articles - https://www.scaletozero.com/episodes/understanding-threat-modeling-with-jeevan-singh/ 
• Gen AI related threat modeling tools/companies
• Stride GPT- https://stridegpt.streamlit.app/
• Nullify - https://www.nullify.ai/
• Remysec - https://www.remysec.com/
• Seezo - https://seezo.io/

• https://www.sarahtavel.com/p/ai-startups-sell-work-not-software 
• https://github.com/captn3m0/ideas 

Contacting Anshuman

1. LinkedIn: ⁠⁠⁠⁠⁠https://www.linkedin.com/in/anshumanbhartiya/⁠⁠⁠⁠⁠ 
2. Twitter: ⁠⁠⁠⁠⁠https://twitter.com/anshuman_bh⁠⁠⁠⁠⁠ 
3. Website: ⁠⁠⁠⁠⁠https://anshumanbhartiya.com/⁠⁠⁠⁠⁠
4. Instagram: ⁠⁠⁠⁠https://www.instagram.com/anshuman.bhartiya/⁠⁠⁠⁠ 
5. YouTube: ⁠⁠⁠⁠https://www.youtube.com/@AnshumanBhartiya⁠⁠⁠⁠   

Contacting Sandesh

1. LinkedIn: ⁠⁠⁠⁠⁠https://www.linkedin.com/in/anandsandesh/⁠⁠⁠⁠⁠ 
2. Twitter: ⁠⁠⁠⁠⁠https://twitter.com/JubbaOnJeans/⁠⁠⁠⁠⁠ 
3. Website: ⁠⁠⁠⁠⁠https://boringappsec.substack.com/⁠⁠⁠⁠⁠