Add a guide on threat modeling by Elchi3 · Pull Request #42980 · mdn/content

Elchi3 · 2026-01-30T16:00:16Z

This PR creates 3 new pages on threat modeling.

An introduction on how to do (lightweight) threat modeling for a web site
An introduction to threat modeling frameworks and tools (STRIDE and LINDDUN)
An example threat modeling document for a blog

github-actions · 2026-01-30T16:01:40Z

Preview URLs (3 pages)

Flaws (2)

Note! 2 documents with no flaws that don't need to be listed. 🎉

Found an unexpected or unresolvable flaw? Please report it here.

URL: /en-US/docs/Web/Security/Threat_modeling/Frameworks
Title: Threat modeling frameworks and tools
Flaw count: 2

broken_links:
- Link /en-US/docs/Web/Security/Threat_modeling/ is a redirect
- Link /en-US/docs/Web/Security/Threat_modeling/ is a redirect

External URLs (22)

URL: /en-US/docs/Web/Security/Threat_modeling
Title: Threat modeling

https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html (1 time) (Note! This may be a new URL 👀)
https://github.com/OWASP/threat-modeling-playbook (1 time) (Note! This may be a new URL 👀)
https://owasp.org/Top10/2025/ (1 time) (Note! This may be a new URL 👀)
https://w3c.github.io/threat-model-web/ (3 times) (Note! This may be a new URL 👀)
https://w3c.github.io/threat-modeling-guide/ (2 times) (Note! This may be a new URL 👀)
https://www.threatmodelingmanifesto.org (4 times) (Note! This may be a new URL 👀)

URL: /en-US/docs/Web/Security/Threat_modeling/Example_threat_model
Title: Example threat model

https://w3c.github.io/threat-model-web/ (1 time) (Note! This may be a new URL 👀)

URL: /en-US/docs/Web/Security/Threat_modeling/Frameworks
Title: Threat modeling frameworks and tools

https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html (1 time) (Note! This may be a new URL 👀)
https://datatracker.ietf.org/doc/html/rfc3552 (1 time) (Note! This may be a new URL 👀)
https://datatracker.ietf.org/doc/html/rfc6973 (1 time) (Note! This may be a new URL 👀)
https://datatracker.ietf.org/doc/rfc9620/ (1 time) (Note! This may be a new URL 👀)
https://en.wikipedia.org/wiki/STRIDE_model (1 time) (Note! This may be a new URL 👀)
https://github.com/OWASP/threat-modeling-playbook (1 time) (Note! This may be a new URL 👀)
https://github.com/defuse/ictm (1 time) (Note! This may be a new URL 👀)
https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool (1 time) (Note! This may be a new URL 👀)
https://linddun.org (1 time) (Note! This may be a new URL 👀)
https://owasp.org/www-project-threat-dragon/ (1 time) (Note! This may be a new URL 👀)
https://w3c.github.io/threat-model-web/ (1 time) (Note! This may be a new URL 👀)
https://w3c.github.io/threat-modeling-guide/ (1 time) (Note! This may be a new URL 👀)
https://w3ctag.github.io/ethical-web-principles/ (1 time) (Note! This may be a new URL 👀)
https://www.threatmodelingmanifesto.org (2 times) (Note! This may be a new URL 👀)
https://www.w3.org/TR/security-privacy-questionnaire/ (1 time) (Note! This may be a new URL 👀)

(comment last updated: 2026-04-13 14:02:58)

github-actions · 2026-02-10T09:18:15Z

This pull request has merge conflicts that must be resolved before it can be merged.

simoneonofri

Hi, I really like the flow of the document. Thank you for your hard work. I've added a first round of comments

estelle

Submitting the feedback i have thus far...

Co-authored-by: Estelle Weyl <[email protected]> Co-authored-by: Simone Onofri <[email protected]>

Co-authored-by: Simone Onofri <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Co-authored-by: Estelle Weyl <[email protected]>

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Co-authored-by: Estelle Weyl <[email protected]>

Co-authored-by: Hamish Willee <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Elchi3 · 2026-04-09T14:47:16Z

I've given this another pass, and I think it is in a state where it could land? Thanks again to Estelle for suggesting to split off STRIDE and LINDDUN to a separate page and thanks to Simone for the technical review!

@hamishwillee what do you think?

hamishwillee

The structure is much improved by splitting out the frameworks. I have given this a quick re-scan only - just highlighted a few grammatical nits. Approving as it is in a pretty good state. Not merging, because others might have further comments.

Co-authored-by: Hamish Willee <[email protected]>

github-actions bot added Content:Security Security docs size/m [PR only] 51-500 LoC changed labels Jan 30, 2026

github-actions bot added the merge conflicts 🚧 [PR only] label Feb 10, 2026

Add a guide on threat modeling

c40605c

Elchi3 force-pushed the threat-modeling branch from 641a618 to c40605c Compare February 16, 2026 11:35

github-actions bot removed the merge conflicts 🚧 [PR only] label Feb 16, 2026

Elchi3 added 2 commits February 19, 2026 16:50

more work on threat modeling main guide

5edb2a5

Add example threat model

34cc851

github-actions bot added size/l [PR only] 501-1000 LoC changed and removed size/m [PR only] 51-500 LoC changed labels Feb 23, 2026

Elchi3 added 2 commits February 23, 2026 15:22

explain trust boundaries

707af5a

tweaks

b3e990b

Elchi3 mentioned this pull request Mar 4, 2026

Threat modeling for web developers w3c-cg/threat-modeling#18

Open

simoneonofri reviewed Mar 16, 2026

View reviewed changes

estelle reviewed Mar 16, 2026

View reviewed changes

Elchi3 and others added 13 commits March 23, 2026 14:23

Apply some suggestions on TM guide page

4ca8a9a

Co-authored-by: Estelle Weyl <[email protected]> Co-authored-by: Simone Onofri <[email protected]>

Add some linkage

0d5d9dd

Apply suggestions from code review

cf998b9

Co-authored-by: Simone Onofri <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Update TM description per Estelle and Simone

b7a5f2e

Rm whitespace

f9a2d53

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Apply some suggestions to example threat modeling page

19bde7b

Co-authored-by: Estelle Weyl <[email protected]>

Fix link to web platform threat model

412f099

Fix typo

7b1e87b

lint

74c05e3

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Remove threat map stub for now

8460317

Add rewording suggestion by Estelle

9970f80

Co-authored-by: Estelle Weyl <[email protected]>

Add developer and business owner to example tm (per Estelle)

75c96a4

Per Estelle: Make intro text a note on the example TM document

427e5a5