Threat Modeling Playbook
up your threat modeling game!
Threat Modeling Playbook
You need a game plan to bootstrap or improve your threat modeling practice. We will explain how to do this and will provide you with our Threat Modeling Playbook. This playbook provides the main steps to establish a threat modeling practice for every type of organization or development team, regardless of your size and maturity level.
We pulled together our Toreon threat modeling vision and strategy with OWASP best practices (like OWASP SAMM and the AppSec champion playbook) to create a ‘Threat modeling playbook’. The playbook shows you how to turn threat modeling into an established, reliable practice in your development teams and in the larger organization.
We released it in open source for everyone to use and improve upon. You can find our GitHub repository link below.
Get your copy
Try it with your own team or on a pilot project. And let us know how it works and how we can improve the playbook.

Check out our webinar of 10 September 2020
Having trouble seeing the video? Watch it on youtube.
Don’t have time to watch the video entirely? Then consult the slides via Slideshare
Visit our GitHub repository
As strong believers in open source, active OWASP collaborators and to increase our impact beyond our Toreon customers we donate this threat modeling playbook to the community.
We have made our Toreon Threat Modeling Playbook available as markdown on our GitHub repository under the CC BY 4.0 license.
Learn more about Threat Modeling
The latest Threat Modeling Insider features a guest article on the Four Principles to Accelerate Security at Scale by Dave…
Looking for the right threat modeling training? Here’s how to choose a practical, impactful course your team will actually use.
Discover how threat modeling can be a strategic approach to comply with the CRA while ensuring security by design across…