threat-modeling
Installation
SKILL.md
Threat Modeling (STRIDE)
Workflow
- Scope — Identify the system boundary, assets (PII, credentials, payments), and availability requirements (SLO/SLA).
- Data Flow Diagram — Map actors, entry points, data stores, and external dependencies. Mark trust boundaries (public internet → edge → internal → database → third-party).
- STRIDE per element — For each element in the diagram, walk through all six STRIDE categories (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) and record threats.
- Risk score — Rate each threat by Impact (Low/Med/High) and Likelihood (Low/Med/High). Prioritize High-impact + Med/High-likelihood items first.
- Mitigate — Convert each prioritized threat into engineering tasks, verification tasks (tests, alerts), and operational controls (runbooks, access reviews).
- Tickets and tests — Create backlog items for mitigations and add abuse-case tests for critical flows. Add PR checklist items for ongoing verification.
Example: Threat Register Row
| Element | STRIDE | Threat | Impact | Likelihood | Mitigation | Owner | Status |
|---|---|---|---|---|---|---|---|
| API Gateway | Spoofing | Stolen JWT reuse after session revocation | High | Med | Short-lived tokens (15 min TTL), refresh rotation, revocation list check on each request | Security | Open |
This single row drives three artifacts: an engineering ticket (implement revocation-list middleware), a test (verify revoked token returns 401 within TTL window), and a PR checklist item (authz checks for new endpoints).