Welcome to the Boring AppSec Podcast! In Episode 5, we dig deep into what threat modeling is from a practitioner's perspective. We compare it with design reviews and discuss when/how/why of threat modeling. In the end, we wrap up by talking about how Gen AI could help threat modeling significantly.

References:

We will try and add information about all the references we make here. Please enter rabbit holes at will :) 

• Threat modeling manifesto - Threatmodelingmanifesto.org

• STRIDE framework - https://en.wikipedia.org/wiki/STRIDE_(security) 

• Tools for threat modeling

• ⁠https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool⁠


• ⁠https://www.iriusrisk.com/threat-modeling/freemium⁠


• ⁠https://owasp.org/www-project-threat-dragon/⁠


• ⁠https://excalidraw.com/⁠


• ⁠https://www.securitycompass.com/sdelements/⁠

• Talks on threat modeling




• https://www.youtube.com/watch?v=KGy_KCRUGd4⁠ 


• ⁠https://www.youtube.com/watch?v=wVSyqFdO-D8⁠ 

• Articles - https://www.scaletozero.com/episodes/understanding-threat-modeling-with-jeevan-singh/ 


• Gen AI related threat modeling tools/companies




• Stride GPT- https://stridegpt.streamlit.app/


• Nullify - https://www.nullify.ai/


• Remysec - https://www.remysec.com/


• Seezo - https://seezo.io/

• https://www.sarahtavel.com/p/ai-startups-sell-work-not-software 


• https://github.com/captn3m0/ideas 

Contacting Anshuman

1. LinkedIn: ⁠⁠⁠⁠⁠https://www.linkedin.com/in/anshumanbhartiya/⁠⁠⁠⁠⁠ 


2. Twitter: ⁠⁠⁠⁠⁠https://twitter.com/anshuman_bh⁠⁠⁠⁠⁠ 


3. Website: ⁠⁠⁠⁠⁠https://anshumanbhartiya.com/⁠⁠⁠⁠⁠


4. Instagram: ⁠⁠⁠⁠https://www.instagram.com/anshuman.bhartiya/⁠⁠⁠⁠ 


5. YouTube: ⁠⁠⁠⁠https://www.youtube.com/@AnshumanBhartiya⁠⁠⁠⁠   

Contacting Sandesh

1. LinkedIn: ⁠⁠⁠⁠⁠https://www.linkedin.com/in/anandsandesh/⁠⁠⁠⁠⁠ 


2. Twitter: ⁠⁠⁠⁠⁠https://twitter.com/JubbaOnJeans/⁠⁠⁠⁠⁠ 


3. Website: ⁠⁠⁠⁠⁠https://boringappsec.substack.com/⁠⁠⁠⁠⁠