Conduct threat modeling using STRIDE methodology. Identify threats, assess risks, and design security controls. Use when designing secure systems or assessing application security.
```bash
npx skill4agent add bagelhole/devops-security-agent-skills threat-modeling
```

| Threat | Description | Mitigation |
|---|---|---|
| Spoofing | Pretending to be someone else | Authentication |
| Tampering | Modifying data | Integrity controls |
| Repudiation | Denying actions | Audit logging |
| Information Disclosure | Data exposure | Encryption |
| Denial of Service | Making service unavailable | Rate limiting |
| Elevation of Privilege | Gaining higher access | Authorization |

```yaml
steps:
  1_scope:
    - Define system boundaries
    - Identify assets
    - Document data flows
  2_diagram:
    - Create data flow diagrams
    - Identify trust boundaries
    - Mark entry points
  3_identify:
    - Apply STRIDE to each component
    - List potential threats
    - Document attack vectors
  4_assess:
    - Rate likelihood and impact
    - Prioritize by risk score
  5_mitigate:
    - Design countermeasures
    - Accept/transfer risks
    - Document decisions
```

```
[External User] --> |HTTPS| --> [Load Balancer]
                                       |
                                       v
                                 [Web Server]
                                       |
                               [Trust Boundary]
                                       |
                                       v
                                 [App Server] --> [Database]
```

```yaml
threat:
  id: T001
  name: SQL Injection
  category: Tampering
  component: Database queries
  likelihood: High
  impact: Critical
  mitigations:
    - Parameterized queries
    - Input validation
    - WAF rules
  status: Mitigated
```
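
The diagram, identify and assess steps applied to the data flow diagram above, as an added example (not part of the skill's own code). It uses the standard STRIDE-per-element chart; the zone names, the 1-4 rating scale and threat T002 are assumptions made for illustration.

```python
# Added example: STRIDE-per-element over the page's data flow diagram.
STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}
# STRIDE-per-element chart: categories that apply to each DFD element type.
# Repudiation on a data store matters mainly when the store holds audit logs.
APPLIES = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}
# Assumed ordinal scale; the page only shows the labels High and Critical.
LEVEL = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Elements from the diagram as (type, zone). Zone names are assumptions:
# "outer" / "inner" relative to the single trust boundary the diagram marks.
ELEMENTS = {
    "External User": ("external", "outer"),
    "Load Balancer": ("process", "outer"),
    "Web Server": ("process", "outer"),
    "App Server": ("process", "inner"),
    "Database": ("store", "inner"),
}
FLOWS = [("External User", "Load Balancer"), ("Load Balancer", "Web Server"),
         ("Web Server", "App Server"), ("App Server", "Database")]

def enumerate_threats():
    """Step 3: one candidate threat per (component, applicable category)."""
    out = []
    for name, (kind, _zone) in ELEMENTS.items():
        out += [(name, STRIDE[c]) for c in APPLIES[kind]]
    for src, dst in FLOWS:
        out += [(f"{src} -> {dst}", STRIDE[c]) for c in APPLIES["flow"]]
    return out

def boundary_crossings():
    """Step 2: flows whose endpoints sit in different trust zones."""
    return [(s, d) for s, d in FLOWS if ELEMENTS[s][1] != ELEMENTS[d][1]]

def risk_score(threat):
    """Step 4: likelihood x impact on the assumed 1-4 scale."""
    return LEVEL[threat["likelihood"]] * LEVEL[threat["impact"]]

def prioritize(threats):
    """Step 4: highest risk score first."""
    return sorted(threats, key=risk_score, reverse=True)

if __name__ == "__main__":
    print(len(enumerate_threats()), "candidate threats to triage")
    print("flows crossing the trust boundary:", boundary_crossings())
    t001 = {"id": "T001", "likelihood": "High", "impact": "Critical"}
    t002 = {"id": "T002", "likelihood": "Medium", "impact": "High"}  # constructed
    print([(t["id"], risk_score(t)) for t in prioritize([t002, t001])])
```

The enumeration is a checklist to triage, not a list of confirmed threats: each pair is either dismissed with a reason or written up as a record like T001.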