threat-modeling-expert

Sécurité & Conformité

"Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture reviews, threat identification, and secure-by-design planning."

Documentation

Threat Modeling Expert

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.

Capabilities

STRIDE threat analysis
Attack tree construction
Data flow diagram analysis
Security requirement extraction
Risk prioritization and scoring
Mitigation strategy design
Security control mapping

Use this skill when

Designing new systems or features
Reviewing architecture for security gaps
Preparing for security audits
Identifying attack vectors
Prioritizing security investments
Creating security documentation
Training teams on security thinking

Do not use this skill when

You lack scope or authorization for security review
You need legal or compliance certification
You only need automated scanning without human review

Instructions

1.Define system scope and trust boundaries
2.Create data flow diagrams
3.Identify assets and entry points
4.Apply STRIDE to each component
5.Build attack trees for critical paths
6.Score and prioritize threats
7.Design mitigations
8.Document residual risks

Safety

Avoid storing sensitive details in threat models without access controls.
Keep threat models updated after architecture changes.

Best Practices

Involve developers in threat modeling sessions
Focus on data flows, not just components
Consider insider threats
Update threat models with architecture changes
Link threats to security requirements
Track mitigations to implementation
Review regularly, not just at design time

Compétences similaires

Explorez d'autres agents de la catégorie Sécurité & Conformité

Voir tout le catalogue

File Path Traversal Testing

This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies.

VOIR LA FICHE

Ethical Hacking Methodology

This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". It provides comprehensive ethical hacking methodology and techniques.

VOIR LA FICHE

crypto-bd-agent

>

VOIR LA FICHE
Utiliser l'Agent threat-modeling-expert - Outil & Compétence IA | Skills Catalogue | Skills Catalogue