Safeguard
Tag

threat-modeling

Safeguard articles tagged "threat-modeling" — guides, analysis, and best practices for software supply chain and application security.

29 articles

DevSecOps

Secure SDLC: A Practical Guide to Embedding Security Gates in Every Phase

NIST finalized the Secure Software Development Framework in February 2022, yet most teams still bolt security on at release. Here's where the gates actually belong.

Jul 16, 20267 min read
DevSecOps

The secure SDLC implementation guide: gates for every phase

NIST's SSDF names four practice groups, but most teams bolt security onto one phase. Here's how to gate design, code, build, and release instead.

Jul 14, 20267 min read
AI Security

Threat-modeling for AI-native applications

STRIDE has six categories from 1999. OWASP's LLM Top 10 and MITRE ATLAS's ~84 techniques show why agentic AI needs new threat-modeling columns, not a new framework.

Jul 9, 20267 min read
Concepts

Data Flow Diagrams for Threat Modeling

A data flow diagram maps how data moves through a system and where trust changes — the foundation most threat modeling is built on. Here's how to draw one that actually surfaces threats.

Jul 6, 20267 min read
DevSecOps

Threat Modeling for Developers: A Lightweight Practical Guide

Threat modeling doesn't need a two-day workshop. A developer-friendly 2026 guide to modeling threats with the four-question framework and STRIDE — fast enough to run on a feature branch.

Jul 6, 20265 min read
Concepts

The Security Design Review: A Practical Guide

A security design review examines a system's architecture before it is built to find flaws that no code scanner can catch. Here's how to run one that finds real problems while they are still cheap to fix.

Jul 5, 20267 min read
Security Guides

OWASP A04: Insecure Design — A Deep-Dive Guide

Insecure Design is a new OWASP Top 10 (2021) category at #4. A deep dive into design flaws vs implementation bugs, threat modeling, real cases, and prevention.

Jul 2, 20267 min read
Concepts

Secure Design Principles Every Team Should Know

Secure design principles are the durable rules of thumb — least privilege, fail securely, defense in depth, secure defaults — that keep systems safe by construction rather than by patching. Here's the working set and how to apply them.

Jul 2, 20267 min read
Concepts

Threat Modeling for Developers

Threat modeling doesn't have to be a heavyweight ceremony run by a separate security team. Here's how developers can fold lightweight, per-feature threat modeling directly into pull requests and sprint work.

Jul 2, 20267 min read
Concepts

Attack Surface Reduction: A Practical Guide

Attack surface reduction is the discipline of removing every input, interface, and privilege an attacker could reach that your system does not actually need. Here's how to inventory, shrink, and keep it small.

Jul 1, 20267 min read
Concepts

The STRIDE Methodology Explained

STRIDE is a threat-modeling mnemonic that turns a blank whiteboard into six specific questions: is this element vulnerable to Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, or Elevation of privilege? Here's how to apply it.

Jul 1, 20267 min read
Concepts

What Is Threat Modeling?

Threat modeling is the structured practice of asking what can go wrong with a system before you build it, then designing controls to match. Here's the four-question framework, how to run a session, and where it fits supply chain security.

Jul 1, 20267 min read
threat-modeling — Safeguard Blog