Threat Model Examples

• OAuth 2.0 - https://datatracker.ietf.org/doc/html/rfc6819
• SSL - https://www.ssllabs.com/downloads/SSL_Threat_Model.png
• DNSSEC, DoT, and DoH - https://www.netmeister.org/blog/doh-dot-dnssec.html
• AMPS and SNAP Medical Systems - https://www.mitre.org/sites/default/files/publications/Playbook-for-Threat-Modeling-Medical-Devices.pdf (page 3 and 49)
• Kubernetes
  • https://github.com/cncf/financial-user-group/tree/main/projects/k8s-threat-model
  • https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF (page 5)
  • https://cloudsecdocs.com/container_security/theory/threats/k8s_threat_model/
  • https://github.com/accuknox/k8sthreatmodeling
• Trinity Wallet - https://github.com/juliocesarfort/public-pentesting-reports/tree/master/COMSATS_Islamabad-CyberSecurityLab
• Docker - https://cloudsecdocs.com/container_security/theory/threats/docker_threat_model/
• Container - https://github.com/krol3/container-security-checklist#container-threat-model
• Contact Tracing Application - https://www.linkedin.com/pulse/threat-modeling-contact-tracing-applications-jakub-kaluzny/
• Web Application - https://owasp.org/www-community/Threat_Modeling_Process by OWASP
• Mobile Applications
  • https://www.synopsys.com/content/dam/synopsys/sig-assets/ebooks/developers-guide-securing-mobile-applications-threat-modeling.pdf by Synopsys
  • https://teamciso.com/2016/06/threat-modeling-a-mobile-application.html
• Amazon S3 - https://controlcatalog.trustoncloud.com/dashboard/aws/s3#Data%20Flow%20Diagram
• Remote Work - https://www.fireeye.com/blog/executive-perspective/2020/03/remote-work-in-an-age-of-covid-19-threat-modeling-the-risks.html
• ROS 2 Robotic System
  • https://design.ros2.org/articles/ros2_threat_model.html
  • MARA - https://github.com/AcutronicRobotics/MARA_threat_model
• Web-based User Feedback System - https://safecode.org/wp-content/uploads/2017/05/SAFECode_TM_Whitepaper.pdf (page 16)
• Authentication for the Internet of Things (IoT) - https://safecode.org/wp-content/uploads/2017/05/SAFECode_TM_Whitepaper.pdf (page 18)
• Supply Chain - https://www.youtube.com/watch?v=EHx_-u3JH8Q
• Password Storage Module (PSM) - https://owasp.org/www-pdf-archive//Secure_Password_Storage.pdf
• PCI - https://shostack.org/files/papers/A_PCI_Threat_Model_2020.pdf by Adam Shostack
• Certificate Transparency -https://datatracker.ietf.org/doc/html/draft-ietf-trans-threat-analysis-16
• Account Takeover (ATO) - https://raw.githubusercontent.com/magoo/ato-checklist/master/model.svg
• Password Managers - https://crypto.stanford.edu/~dabo/pubs/papers/pwdmgrBrowser.pdf (page 5)
• Future E-voting System - https://www.reversemode.com/2022/01/finding-vulnerabilities-in-swiss-posts.html?m=1#AttackSurface
• AWS Fargate - https://sysdig.com/blog/ecs-fargate-threat-modeling/
• Human - https://github.com/JWWeatherman/human_threat_model
• Smart Home - https://github.com/kkredit/smart-home-threat-model
• OpenStack
  • https://wiki.openstack.org/wiki/Security/Threat_Analysis
  • https://github.com/shohel02/OpenStack_Threat_Modelling/blob/master/Threat_modeling_process.md
• Bitcoin - https://github.com/JWWeatherman/bitcoin_security_threat_model
• Cloud Computing
  • https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment/@@download/fullReport
  • https://github.com/nets4geeks/CCCTM_template
• IoT Devices - https://www.psacertified.org/development-resources/building-in-security/threat-models/
  • Asset Tracker
  • Smart Water 
  • Network Camera
• CI/CD Pipeline
  • https://github.com/rung/threat-matrix-cicd
  • https://github.com/cider-security-research/top-10-cicd-security-risks
• Firmware
  • https://github.com/bpoudel7/Firmware-Threat-Modeling-Template
  • https://tf-m-user-guide.trustedfirmware.org/docs/security/threat_models/generic_threat_model.html