What is the STRIDE methodology?

STRIDE is a threat modeling framework used to identify security threats across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

How does this skill assist with security documentation?

It provides standardized Markdown templates for creating detailed threat models, including data flow diagrams, asset lists, and prioritized risk matrices suitable for audits.

Does it suggest specific code mitigations?

Yes, the skill includes a library of common mitigations for each STRIDE category, such as implementing MFA for Spoofing or parameterized queries for Tampering.

Can I use this for compliance like SOC2 or ISO 27001?

Yes, by generating systematic threat assessments and documenting mitigations, this skill helps satisfy the risk management and security review requirements of major compliance frameworks.

STRIDE Threat Analysis Patterns

Name: STRIDE Threat Analysis Patterns
Author: gwickman

bygwickman

0•

보안 및 테스팅

Implements the STRIDE methodology to systematically identify, categorize, and mitigate security threats during system design and code review.

The STRIDE Analysis Patterns skill provides a comprehensive framework for conducting professional threat modeling within your development workflow. By utilizing the industry-standard STRIDE categories—Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege—it helps teams move beyond ad-hoc security checks to a systematic architectural review. The skill includes structured documentation templates, risk assessment matrices, and automated questionnaires designed to identify trust boundaries and prioritize vulnerabilities based on impact and likelihood. It is an essential tool for developers looking to bake security into their lifecycle, from initial design to compliance-ready documentation.

주요 기능

01Integrated risk assessment matrix for impact and likelihood scoring

02Automated security questionnaires for system components

03Professional threat model documentation and reporting templates

040 GitHub stars

05Structured STRIDE categorization for comprehensive threat identification

06Domain-specific mitigation suggestions for common vulnerability patterns

사용 사례

01Performing security design reviews and auditing existing trust boundaries

02Conducting formal threat modeling sessions for new system architectures or microservices

03Generating documentation for security compliance, audits, and stakeholder reviews

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add gwickman/auto-dev-test-target-1 stride-analysis-patterns

For use in Claude.ai and ChatGPT

Download Skill