threat-modeling
Safeguard articles tagged "threat-modeling" — guides, analysis, and best practices for software supply chain and application security.
29 articles
Application Security Architecture: Design Patterns That Hold Up
Good application security architecture is a small set of repeatable patterns — trust boundaries, defense in depth, least privilege — applied consistently, not a document nobody reads.
MITRE ATT&CK Framework
MITRE ATT&CK maps 200+ attacker techniques, but runtime tools like Aqua only catch supply chain compromise after deployment. Here's the build-time gap and how to close it.
Why LLMs Are Structurally Insecure (and What That Means for Your Pipeline)
Language models are not insecure because of a bug you can patch. They are insecure by construction — non-deterministic, context-poisonable, and unreproducible. Here is how to reason about them without pretending otherwise.
What is Threat Modeling
Threat modeling finds the design flaws scanners can't see. Learn what it is, when to do it, and how Safeguard ties it to reachability analysis.
MCP Server Sandbox Escapes: Threat Model
A threat model for sandbox escapes in Model Context Protocol servers, mapping attack surfaces from tool execution environments to host processes and shared state.
The Supply Chain Attack Kill Chain: A Framework for Defense
We propose a kill chain framework specific to software supply chain attacks, mapping attacker techniques to defensive controls at each stage.
What is a Trust Boundary
A trust boundary is where data crosses into a higher-privilege context and must be verified. Learn where they hide and how breaches like Log4Shell exploited them.
Business logic vulnerabilities explained
A business logic vulnerability breaks your app's rules, not its code. See how Starbucks, Shopify, and the DAO were exploited -- and how to detect and prevent it.
The Security Development Lifecycle (SDL): A Working Guide
The SDL turned security from a pre-release audit into a discipline applied at every phase of building software. What the lifecycle actually contains, where it came from, and how to run it without a Microsoft-sized team.
Why Autonomous Coding Agents Need Their Own Threat Model
Coding agents run with real credentials and no pause button. Here is the threat model that treats them as autonomous infrastructure, not junior developers.
The Threat Modeling Process, Step by Step
Threat modeling answers four questions: what are we building, what can go wrong, what are we doing about it, and did we do enough? A concrete step-by-step process your team can run in an afternoon.
A Threat Model Example, Walked Through Step by Step
The fastest way to understand threat modeling is to watch one built end to end — this walks through a real threat model example for a simple login and payment flow.