
stride-analysis-patterns

Safe

Apply STRIDE Threat Modeling to Your Systems

Also available from: wshobson

Security teams struggle to systematically identify threats in complex systems. This skill applies the proven STRIDE methodology to uncover spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege threats.

Supports: Claude Codex Code(CC)
🥉 75 Bronze
1. Download the skill ZIP
2. Import into Claude: go to Settings → Capabilities → Skills → Import a skill
3. Enable it and start using it

Try it

Using "stride-analysis-patterns". Analyze a user login endpoint for STRIDE threats

Expected result:

  • Spoofing: Credential stuffing attacks, session hijacking, token forgery
  • Tampering: Parameter manipulation, brute force attempts, SQL injection
  • Repudiation: Users denying login attempts, missing audit logs
  • Information Disclosure: Error messages revealing valid usernames, credential leakage
  • Denial of Service: Account lockout abuse, resource exhaustion
  • Elevation of Privilege: IDOR to access other user accounts, role manipulation

Using "stride-analysis-patterns". Create a threat model summary for an e-commerce API

Expected result:

  • Total threats identified: 24
  • Critical: 3 (SQL injection, payment data exposure, privilege escalation)
  • High: 8 (session hijacking, IDOR, CSRF, XSS, etc.)
  • Medium: 9 (logging gaps, rate limiting missing, etc.)
  • Low: 4 (minor information disclosure risks)
  • Top priority: Implement input validation, enable TLS 1.3, add comprehensive audit logging

Security audit

Safe
v1 • 2/25/2026

All static analysis findings are false positives. The detected 'backtick execution' patterns are Markdown code fence delimiters (```), not Ruby shell commands. The 'hardcoded URLs' are educational reference links. The 'weak crypto' and 'ransomware' patterns are security education content, not actual implementations. This skill contains only documentation and Python code templates for learning threat modeling.

  • Files analyzed: 2
  • Lines analyzed: 692
  • Findings: 0
  • Total audits: 1
  • No security issues found
  • Audited by: claude

Quality score

  • Architecture: 38
  • Maintainability: 100
  • Content: 87
  • Community: 50
  • Security: 100
  • Specification compliance: 100

What you can build

Security Architecture Review

Systematically analyze new system designs before implementation to identify and mitigate threats early in the development lifecycle.

Compliance Documentation

Generate comprehensive threat model documentation required for security audits, certifications, and regulatory compliance.

Developer Security Training

Train development teams on threat identification using structured STRIDE categories and real-world attack scenarios.

Try these prompts

Basic STRIDE Analysis
Analyze this system component using the STRIDE methodology: [describe component]. For each category (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), identify at least two potential threats and suggest one mitigation for each.
Data Flow Diagram Analysis
I have a system with these components and data flows: [describe DFD]. Identify all trust boundary crossings and analyze what STRIDE threats apply at each boundary. Prioritize threats by risk score (impact x likelihood).
Threat Model Document Generation
Create a complete threat model document for [system name]. Include: system overview, data flow diagram description, asset inventory with sensitivity levels, full STRIDE analysis with threat tables, risk matrix, and prioritized recommendations with immediate, short-term, and long-term actions.
Security Review Questionnaire
Generate a STRIDE-based security questionnaire for reviewing [type of system, e.g., 'REST API with user authentication']. For each STRIDE category, provide 4-5 specific questions that reveal potential vulnerabilities. Include space for answers and notes.

Best practices

  • Involve multiple stakeholders including security, development, and operations teams for comprehensive threat coverage
  • Update threat models regularly as system architecture evolves and new threats emerge
  • Prioritize threats by risk score (impact multiplied by likelihood) and focus remediation on critical items first

Avoid

  • Skipping STRIDE categories leads to missed threats - always analyze all six categories systematically
  • Creating threat models in isolation without team collaboration results in blind spots and incomplete analysis
  • Treating threat modeling as a one-time activity instead of maintaining it as a living document

Frequently asked questions

What is the STRIDE methodology?
STRIDE is a threat categorization model developed by Microsoft. It stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Each category helps identify specific types of security threats in a systematic way.
When should I perform threat modeling?
Perform threat modeling during system design before implementation, when making significant architecture changes, before major releases, and periodically for existing systems. Early threat modeling is most cost-effective.
Do I need security expertise to use this skill?
Basic security knowledge helps, but the structured STRIDE approach guides you through threat identification. The templates and questionnaires make it accessible to developers with limited security background.
How do I prioritize identified threats?
Use a risk matrix multiplying impact (Low=1 to Critical=4) by likelihood (Low=1 to Critical=4). Focus on Critical (12-16) and High (6-9) risk scores first. Consider business context and existing controls.
What deliverables should a threat model include?
A complete threat model includes: system description, data flow diagrams, trust boundaries, asset inventory, STRIDE analysis tables, risk assessments, and prioritized mitigation recommendations with timelines.
How often should threat models be updated?
Update threat models whenever system architecture changes, new features are added, after security incidents, or at least annually. Treat threat models as living documents that evolve with your system.
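
The prioritization rule from the FAQ (impact multiplied by likelihood, Critical 12-16 and High 6-9 first) combined with the advice to cover all six STRIDE categories, as an added example that is not part of the skill's own templates. The `Threat` class, `band` and `review` functions, the Medium=2 / High=3 level values, the Medium/Low split below 6, and the ratings in the sample register are assumptions made for this illustration.

```python
from dataclasses import dataclass

STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege")
# Low=1 and Critical=4 are from the FAQ; Medium=2 and High=3 are assumed.
LEVEL = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

@dataclass(frozen=True)
class Threat:
    category: str
    description: str
    impact: str
    likelihood: str

    @property
    def score(self) -> int:
        return LEVEL[self.impact] * LEVEL[self.likelihood]

def band(score: int) -> str:
    # Critical (12-16) and High (6-9) are the FAQ's bands; the split of the
    # remaining scores into Medium (3-4) and Low (1-2) is an assumption.
    if score >= 12:
        return "Critical"
    if score >= 6:
        return "High"
    return "Medium" if score >= 3 else "Low"

def review(threats):
    """Return (threats by descending risk score, STRIDE categories with no entry)."""
    for t in threats:
        if t.category not in STRIDE:
            raise ValueError(f"not a STRIDE category: {t.category!r}")
    ranked = sorted(threats, key=lambda t: t.score, reverse=True)
    covered = {t.category for t in threats}
    return ranked, [c for c in STRIDE if c not in covered]

# Constructed register for a login endpoint; the ratings are illustrative.
REGISTER = [
    Threat("Spoofing", "Credential stuffing", "High", "Critical"),
    Threat("Tampering", "SQL injection", "Critical", "Medium"),
    Threat("Repudiation", "Missing audit logs", "Medium", "Medium"),
    Threat("Information Disclosure", "Usernames leaked in errors", "Medium", "High"),
    Threat("Denial of Service", "Account lockout abuse", "Medium", "Low"),
]

if __name__ == "__main__":
    ranked, missing = review(REGISTER)
    for t in ranked:
        print(f"{t.score:>2} {band(t.score):<8} {t.category}: {t.description}")
    print("STRIDE categories with no threats recorded:", missing)
```

A non-empty second return value means the register skipped a category and the analysis is incomplete, whatever the scores of the recorded threats.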
