How does this skill help with security compliance?

It provides structured documentation and systematic threat identification, which are critical requirements for compliance frameworks like SOC 2, ISO 27001, and NIST.

What is the STRIDE methodology used in this skill?

STRIDE is a framework for identifying security threats by categorizing them into six types: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

When is the best time to use this skill in the development cycle?

It is most effective during the design and architecture phase, allowing you to build security into the system rather than trying to patch vulnerabilities after implementation.

What is DREAD scoring?

DREAD is a risk assessment model used to quantify the severity of a threat based on Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability.

Threat Modeling Techniques

Name: Threat Modeling Techniques
Author: NickCrew

byNickCrew

•

セキュリティとテスト

Implements systematic security analysis methodologies to identify, assess, and mitigate software vulnerabilities during the design phase.

This skill enables Claude to perform comprehensive security architecture reviews using industry-standard frameworks like STRIDE and DREAD. It assists developers in mapping data flow diagrams, identifying trust boundaries, and constructing attack trees to visualize potential exploits. By integrating these techniques early in the development lifecycle, it helps teams build secure-by-design systems, prioritize security risks based on quantitative scoring, and document mitigation strategies for compliance and audit requirements like SOC 2 or ISO 27001.

主な機能

01Quantitative risk assessment using the DREAD scoring framework

027 GitHub stars

03Step-by-step guidance for security architecture reviews and documentation

04STRIDE-based threat identification for components and data flows

05Visualizing attack vectors through hierarchical attack trees

06Mapping trust boundaries across network, process, and user layers

ユースケース

01Identifying potential attack vectors before implementing sensitive features

02Prioritizing security backlogs based on calculated risk severity scores

03Conducting security architecture reviews for new cloud or API systems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nickcrew/claude-cortex threat-modeling-techniques

For use in Claude.ai and ChatGPT

Download Skill