You need a game plan to bootstrap or improve your threat modeling practice. We will explain how to do this and will provide you with our Threat Modeling Playbook. This playbook provides the main steps to establish a threat modeling practice for every type of organization or development team, regardless of your size and maturity level.

We pulled together our Toreon threat modeling vision and strategy with OWASP best practices (like OWASP SAMM and the AppSec champion playbook) to create a ‘Threat modeling playbook’. The playbook shows you how to turn threat modeling into an established, reliable practice in your development teams and in the larger organization.

We released it in open source for everyone to use and improve upon. You can find our GitHub repository link below.

Try it with your own team or on a pilot project. And let us know how it works and how we can improve the playbook.

Having trouble seeing the video? Watch it on youtube.

Don’t have time to watch the video entirely? Then consult the slides via Slideshare

As strong believers in open source, active OWASP collaborators and to increase our impact beyond our Toreon customers we donate this threat modeling playbook to the community.

We have made our Toreon Threat Modeling Playbook available as markdown on our GitHub repository under the CC BY 4.0 license.