threat-modeling
Installation
SKILL.md
Threat Modeling
Threat Modeling Methodologies
STRIDE
STRIDE is a threat modeling framework developed by Microsoft that categorizes threats into six categories:
-
Spoofing: Impersonating something or someone else
- Examples: Fake authentication tokens, DNS spoofing, email spoofing
- Controls: Strong authentication, certificate validation, anti-spoofing measures
-
Tampering: Modifying data or code without authorization
- Examples: Man-in-the-middle attacks, code injection, data tampering
- Controls: Digital signatures, integrity checks, secure communication channels
-
Repudiation: Denying having performed an action
- Examples: Denying a transaction, denying access to resources
- Controls: Audit logging, non-repudiation services, digital signatures