Resources
General
- 2023-01-04 ◦ OWASP Risk Rating Methodology | OWASP Foundation
- 2022-12-13 ◦ Threat Modeling Process | OWASP Foundation
- 2022-12-13 ◦ How to approach threat modeling | AWS Security Blog
- 2022-11-30 ◦ THREAT MODELING IN 2021 with Adam Shostack
- 2022-11-29 ◦ Threat Modeling - OWASP Cheat Sheet Series
- 2022-11-10 ◦ Threat Model Examples
STRIDE
- 2022-12-14 ◦ OWASP STRIDE reference sheets
- 2022-11-30 ◦ The STRIDE threat model with examples
- 2022-11-29 ◦ STRIDE Threat Modelling vs DREAD Threat Modelling
Blockchains
- 2022-11-21 ◦ [1903.03422] ABC: A Cryptocurrency-Focused Threat Modeling Framework
- 2022-11-21 ◦ Threat Modeling for the Blockchain — Howard Poston
Docker
- 2023-01-11 ◦ Docker Threat Model - CloudSecDocs
LLM systems
- 2026-07-02 ◦ Prompt Injection as Role Confusion (Ye et al.) — Prompt injection as a threat class for LLM-based systems: adversaries embed malicious instructions in low-privilege content (web pages, emails, tool outputs); the root mechanism is role confusion — models perceive roles by text style rather than structural tags, defeating instruction hierarchy defenses; role probes can detect the attack before generation