home / skills / nickcrew / claude-cortex / threat-modeling-techniques
This skill helps you identify, assess, and mitigate security threats in system design using STRIDE, attack trees, and DREAD risk scoring.
npx playbooks add skill nickcrew/claude-cortex --skill threat-modeling-techniquesReview the files below or copy the command above to add this skill to your agents.
---
name: threat-modeling-techniques
description: Threat modeling methodologies using STRIDE, attack trees, and risk assessment for proactive security analysis. Use when designing secure systems, conducting security reviews, or identifying potential attack vectors in applications.
---
# Threat Modeling Techniques
Systematic framework for identifying, analyzing, and mitigating security threats during system design and architecture phases using proven methodologies like STRIDE, attack trees, and risk assessment frameworks.
## When to Use This Skill
- Designing new systems or features with security requirements
- Conducting security architecture reviews
- Identifying attack vectors and threat scenarios
- Assessing security risks before implementation
- Creating security requirements and controls
- Evaluating third-party integrations for security impact
- Planning security testing strategies
- Documenting security design decisions
- Training teams on proactive security thinking
- Supporting security compliance initiatives (SOC 2, ISO 27001)
## Core Process
**Five-Stage Threat Modeling Process:**
1. **Define** - Understand the system and create architecture diagrams
2. **Identify** - Enumerate threats using structured methodologies (STRIDE, attack trees)
3. **Assess** - Evaluate risk severity and likelihood (DREAD scoring)
4. **Mitigate** - Design controls and countermeasures
5. **Validate** - Review and test security controls
## Quick Reference
| Task | Load reference |
| --- | --- |
| STRIDE: Spoofing Identity | `skills/threat-modeling-techniques/references/stride-spoofing.md` |
| STRIDE: Tampering with Data | `skills/threat-modeling-techniques/references/stride-tampering.md` |
| STRIDE: Repudiation | `skills/threat-modeling-techniques/references/stride-repudiation.md` |
| STRIDE: Information Disclosure | `skills/threat-modeling-techniques/references/stride-disclosure.md` |
| STRIDE: Denial of Service | `skills/threat-modeling-techniques/references/stride-dos.md` |
| STRIDE: Elevation of Privilege | `skills/threat-modeling-techniques/references/stride-elevation.md` |
| Attack Trees | `skills/threat-modeling-techniques/references/attack-trees.md` |
| Data Flow Diagrams (DFD) | `skills/threat-modeling-techniques/references/data-flow-diagrams.md` |
| DREAD Risk Scoring | `skills/threat-modeling-techniques/references/dread-scoring.md` |
| Mitigation Strategies | `skills/threat-modeling-techniques/references/mitigation-strategies.md` |
| Tools & Process | `skills/threat-modeling-techniques/references/tools-and-process.md` |
## Core Concepts
### STRIDE Methodology
**STRIDE** categorizes threats into six types:
- **S**poofing: Pretending to be someone/something else (authentication bypass, credential theft)
- **T**ampering: Malicious modification of data (MITM attacks, data corruption)
- **R**epudiation: Denying actions without proof (lack of audit trails)
- **I**nformation Disclosure: Exposing sensitive data (data leaks, verbose errors)
- **D**enial of Service: Making systems unavailable (resource exhaustion, DDoS)
- **E**levation of Privilege: Gaining unauthorized capabilities (privilege escalation, IDOR)
**Apply STRIDE to:**
- Each component in data flow diagrams
- Every trust boundary crossing
- All data stores and processes
- External integrations and APIs
### Attack Trees
Hierarchical diagrams showing attack paths from goals to methods:
```
[Root: Attack Goal]
|
+-- [OR] Method 1 (alternative paths)
| |
| +-- [AND] Required Step 1.1
| +-- [AND] Required Step 1.2
|
+-- [OR] Method 2 (alternative paths)
```
**Use attack trees to:**
- Visualize attack scenarios
- Identify easiest attack paths
- Assign attributes (cost, skill, detection likelihood)
- Prioritize mitigations for high-risk paths
### DREAD Risk Scoring
**DREAD** quantifies threat severity (each criterion scored 0-10, average = risk score):
- **D**amage Potential: How much damage if exploited?
- **R**eproducibility: How easy to reproduce?
- **E**xploitability: How easy to exploit?
- **A**ffected Users: How many users affected?
- **D**iscoverability: How easy to discover?
**Risk Levels:**
- 7.1-10.0: Critical (immediate action)
- 5.1-7.0: High (next sprint)
- 3.1-5.0: Medium (upcoming releases)
- 0.0-3.0: Low (backlog)
### Trust Boundaries
Lines separating different trust levels:
- **Network**: Internet → DMZ → Internal
- **Process**: User Mode → Kernel, Container → Host
- **User**: Anonymous → Authenticated → Admin
**At each boundary, verify:**
- Authentication required?
- Authorization checks enforced?
- Data encrypted?
- Inputs validated?
- Actions logged?
## Practical Workflow
### 1. Scope Definition (30 min)
- Identify system components in scope
- Define trust boundaries
- List assets requiring protection
- Identify compliance requirements
### 2. Architecture Decomposition (1 hour)
- Create data flow diagrams (DFDs)
- Document external dependencies
- Identify authentication/authorization points
- Map data storage locations
### 3. Threat Identification (1-2 hours)
- Apply STRIDE to each DFD element
- Create attack trees for high-value assets
- Brainstorm threat scenarios with team
- Use threat modeling tools for suggestions
### 4. Risk Assessment (1 hour)
- Apply DREAD scoring to each threat
- Prioritize threats by risk score
- Consider business context and compliance
- Identify quick wins vs. long-term efforts
### 5. Mitigation Planning (1 hour)
- Design security controls (eliminate, reduce, transfer, accept)
- Document mitigation strategies
- Create security requirements (SEC-### format)
- Assign ownership for implementation
### 6. Documentation (30 min)
- Export threat model diagrams
- Create security requirements document
- Document risk acceptance decisions
- Share with stakeholders
## Common Mistakes
**Avoid:**
- Threat modeling too late (after implementation complete)
- Focusing only on external threats (ignore insider threats)
- Creating static threat models (never updating them)
- Over-complicating diagrams (too much detail)
- Ignoring low-likelihood, high-impact threats
- Failing to document assumptions and decisions
- Not following through on mitigations
## Best Practices
**Team Involvement:**
- Developers: Implementation details, code-level threats
- Architects: System design, integration points
- Security Team: Threat expertise, attack scenarios
- Operations: Deployment, monitoring, incident response
- Product Owners: Business impact, risk acceptance decisions
**Process Integration:**
- Design phase: Threat model before implementation
- Development: Implement controls, create security tests
- Deployment: Verify controls, enable monitoring
- Maintenance: Update model when features change
## Tools
**Microsoft Threat Modeling Tool**: Visual DFD editor, automated STRIDE threat generation
**OWASP Threat Dragon**: Open source, cross-platform, web and desktop versions
**IriusRisk**: Commercial platform, DevSecOps integration, compliance mapping
**ThreatModeler**: Collaborative, cloud architecture support
## Resources
- **Microsoft Threat Modeling Tool**: https://aka.ms/threatmodelingtool
- **OWASP Threat Dragon**: https://owasp.org/www-project-threat-dragon/
- **STRIDE Documentation**: https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats
- **Threat Modeling Manifesto**: https://www.threatmodelingmanifesto.org/
- **NIST Threat Modeling**: https://csrc.nist.gov/projects/threat-modeling
This skill provides practical threat modeling methodologies using STRIDE, attack trees, and risk scoring to identify, prioritize, and mitigate security threats during design and review. It guides teams through a five-stage process—define, identify, assess, mitigate, validate—so security decisions are proactive and traceable. Use it to build secure architectures, create security requirements, and support compliance.
The skill inspects system architecture artifacts (DFDs, component diagrams, trust boundaries) and enumerates threats with STRIDE and attack trees. It applies DREAD-style scoring to quantify risk and produces prioritized mitigations and security requirements. Outputs include threat lists, attack-tree sketches, risk scores, mitigation recommendations, and validation checks for each trust boundary.
How detailed should diagrams be for effective threat modeling?
Keep diagrams focused on components, data flows, and trust boundaries. Avoid excessive low-level detail; include enough context to identify threat paths and controls.
Which scoring system should I use for prioritization?
DREAD-style scoring is practical for relative prioritization. Use a consistent scale, calibrate with stakeholders, and adjust for business context and compliance needs.