threat-modeling
SKILL.md
Threat Modeling
Identify and mitigate security threats during system design.
STRIDE Methodology
| Threat | Description | Mitigation |
|---|---|---|
| Spoofing | Pretending to be someone else | Authentication |
| Tampering | Modifying data | Integrity controls |
| Repudiation | Denying actions | Audit logging |
| Information Disclosure | Data exposure | Encryption |
| Denial of Service | Making service unavailable | Rate limiting |
| Elevation of Privilege | Gaining higher access | Authorization |
Process
steps:
1_scope:
- Define system boundaries
- Identify assets
- Document data flows
2_diagram:
- Create data flow diagrams
- Identify trust boundaries
- Mark entry points
3_identify:
- Apply STRIDE to each component
- List potential threats
- Document attack vectors
4_assess:
- Rate likelihood and impact
- Prioritize by risk score
5_mitigate:
- Design countermeasures
- Accept/transfer risks
- Document decisions
Data Flow Diagram
[External User] --> |HTTPS| --> [Load Balancer]
|
v
[Web Server]
|
[Trust Boundary]
|
v
[App Server] --> [Database]
Threat Cards
threat:
id: T001
name: SQL Injection
category: Tampering
component: Database queries
likelihood: High
impact: Critical
mitigations:
- Parameterized queries
- Input validation
- WAF rules
status: Mitigated
Best Practices
- Integrate into SDLC
- Review on architecture changes
- Include development team
- Document all decisions
- Regular reassessment
Related Skills
- sast-scanning - Code analysis
- penetration-testing - Validation
Weekly Installs
12
Repository
bagelhole/devop…t-skillsGitHub Stars
13
First Seen
Feb 4, 2026
Security Audits
Installed on
opencode12
codex12
claude-code11
github-copilot11
kimi-cli11
gemini-cli11