threat-modeling-expert

Sécurité & Conformité

"Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture reviews, threat identification, and secure-by-design planning."

Documentation

Threat Modeling Expert

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.

Capabilities

STRIDE threat analysis
Attack tree construction
Data flow diagram analysis
Security requirement extraction
Risk prioritization and scoring
Mitigation strategy design
Security control mapping

Use this skill when

Designing new systems or features
Reviewing architecture for security gaps
Preparing for security audits
Identifying attack vectors
Prioritizing security investments
Creating security documentation
Training teams on security thinking

Do not use this skill when

You lack scope or authorization for security review
You need legal or compliance certification
You only need automated scanning without human review

Instructions

1.Define system scope and trust boundaries
2.Create data flow diagrams
3.Identify assets and entry points
4.Apply STRIDE to each component
5.Build attack trees for critical paths
6.Score and prioritize threats
7.Design mitigations
8.Document residual risks

Safety

Avoid storing sensitive details in threat models without access controls.
Keep threat models updated after architecture changes.

Best Practices

Involve developers in threat modeling sessions
Focus on data flows, not just components
Consider insider threats
Update threat models with architecture changes
Link threats to security requirements
Track mitigations to implementation
Review regularly, not just at design time

Compétences similaires

Explorez d'autres agents de la catégorie Sécurité & Conformité

Voir tout le catalogue

Metasploit Framework

This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.

VOIR LA FICHE

Active Directory Attacks

This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.

VOIR LA FICHE

IDOR Vulnerability Testing

This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.

VOIR LA FICHE
Utiliser l'Agent threat-modeling-expert - Outil & Compétence IA | Skills Catalogue | Skills Catalogue