Build a threat model for this system step by step. System description: {{system_description}} Data sensitivity: {{data_classification}} User types: {{user_types}} Think through systematically: 1. ASSETS: What are we protecting? (Data, compute, availability) 2. TRUST BOUNDARIES: Where do trust levels change? 3. ENTRY POINTS: What are all the ways someone can interact with the system? 4. AUTHENTICATION: How is identity verified at each entry point? 5. AUTHORIZATION: How is access controlled? Are there privilege escalation paths? 6. DATA FLOW: Where does sensitive data travel? Is it encrypted? 7. THREAT ACTORS: Who would want to attack this? (Script kiddies, competitors, insiders) 8. ATTACK VECTORS: What are the STRIDE threats? (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation) 9. RISK RANKING: Which threats have highest likelihood and impact? 10. MITIGATIONS: What controls address the top risks?
Security Threat Model Analysis
Build a threat model by reasoning through attack vectors systematically.
42 copies0 forks
Share this prompt:
Details
Category
CodingUse Cases
Security architecture reviewThreat modeling workshopCompliance security assessment
Works Best With
claude-opus-4.5gpt-5.2gemini-2.0-flash
Created Updated Shared