stride-analysis-patterns

Safe

Apply STRIDE Threat Modeling to Your Systems

Also available from: wshobson

Security teams struggle to systematically identify threats in complex systems. This skill applies the proven STRIDE methodology to uncover spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege threats.

Supports: Claude Codex Code(CC)
🥉 75 Bronze

1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Enable and start using

Try it

Using "stride-analysis-patterns". Analyze a user login endpoint for STRIDE threats

Expected result:

  • Spoofing: Credential stuffing attacks, session hijacking, token forgery
  • Tampering: Parameter manipulation, brute force attempts, SQL injection
  • Repudiation: Users denying login attempts, missing audit logs
  • Information Disclosure: Error messages revealing valid usernames, credential leakage
  • Denial of Service: Account lockout abuse, resource exhaustion
  • Elevation of Privilege: IDOR to access other user accounts, role manipulation

Using "stride-analysis-patterns". Create a threat model summary for an e-commerce API

Expected result:

  • Total threats identified: 24
  • Critical: 3 (SQL injection, payment data exposure, privilege escalation)
  • High: 8 (session hijacking, IDOR, CSRF, XSS, etc.)
  • Medium: 9 (logging gaps, rate limiting missing, etc.)
  • Low: 4 (minor information disclosure risks)
  • Top priority: Implement input validation, enable TLS 1.3, add comprehensive audit logging

Security audit

Safe
v1 • 2/25/2026

All static analysis findings are false positives. The detected 'backtick execution' patterns are Markdown code fence delimiters (```), not Ruby shell commands. The 'hardcoded URLs' are educational reference links. The 'weak crypto' and 'ransomware' patterns are security education content, not actual implementations. This skill contains only documentation and Python code templates for learning threat modeling.

  • Files scanned: 2
  • Lines analyzed: 692
  • Findings: 0
  • Total audits: 1
  • No security issues found
  • Audited by: claude

Quality score

  • 38 Architecture
  • 100 Maintainability
  • 87 Content
  • 50 Community
  • 100 Security
  • 100 Specification compliance

What you can build

Security Architecture Review

Systematically analyze new system designs before implementation to identify and mitigate threats early in the development lifecycle.

Compliance Documentation

Generate comprehensive threat model documentation required for security audits, certifications, and regulatory compliance.

Developer Security Training

Train development teams on threat identification using structured STRIDE categories and real-world attack scenarios.

Try these prompts

Basic STRIDE Analysis
Analyze this system component using the STRIDE methodology: [describe component]. For each category (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), identify at least two potential threats and suggest one mitigation for each.
Data Flow Diagram Analysis
I have a system with these components and data flows: [describe DFD]. Identify all trust boundary crossings and analyze what STRIDE threats apply at each boundary. Prioritize threats by risk score (impact x likelihood).
Threat Model Document Generation
Create a complete threat model document for [system name]. Include: system overview, data flow diagram description, asset inventory with sensitivity levels, full STRIDE analysis with threat tables, risk matrix, and prioritized recommendations with immediate, short-term, and long-term actions.
Security Review Questionnaire
Generate a STRIDE-based security questionnaire for reviewing [type of system, e.g., 'REST API with user authentication']. For each STRIDE category, provide 4-5 specific questions that reveal potential vulnerabilities. Include space for answers and notes.

Best practices

  • Involve multiple stakeholders including security, development, and operations teams for comprehensive threat coverage
  • Update threat models regularly as system architecture evolves and new threats emerge
  • Prioritize threats by risk score (impact multiplied by likelihood) and focus remediation on critical items first

Avoid

  • Skipping STRIDE categories leads to missed threats - always analyze all six categories systematically
  • Creating threat models in isolation without team collaboration results in blind spots and incomplete analysis
  • Treating threat modeling as a one-time activity instead of maintaining it as a living document

Frequently asked questions

What is the STRIDE methodology?
STRIDE is a threat categorization model developed by Microsoft. It stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Each category helps identify specific types of security threats in a systematic way.
When should I perform threat modeling?
Perform threat modeling during system design before implementation, when making significant architecture changes, before major releases, and periodically for existing systems. Early threat modeling is most cost-effective.
Do I need security expertise to use this skill?
Basic security knowledge helps, but the structured STRIDE approach guides you through threat identification. The templates and questionnaires make it accessible to developers with limited security background.
How do I prioritize identified threats?
Use a risk matrix multiplying impact (Low=1 to Critical=4) by likelihood (Low=1 to Critical=4). Focus on Critical (12-16) and High (6-9) risk scores first. Consider business context and existing controls.
What deliverables should a threat model include?
A complete threat model includes: system description, data flow diagrams, trust boundaries, asset inventory, STRIDE analysis tables, risk assessments, and prioritized mitigation recommendations with timelines.
How often should threat models be updated?
Update threat models whenever system architecture changes, new features are added, after security incidents, or at least annually. Treat threat models as living documents that evolve with your system.
