Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

threat-modeling

Apply STRIDE threat modeling to system designs, identify IDOR and authorization vulnerabilities, and build threat matrices for security reviews. Use when the user designs a new system, reviews an architecture, prepares for a security audit, or asks about common API vulnerabilities like IDOR or broken access control.

In Manus ausführen

Sterne15

Forks3

Aktualisiert15. April 2026 um 10:04

Quelle

sawrus

sawrus/agent-guides

GitHub-Repository öffnen Creator-Repositorys ansehen

Installationsbefehl

Download

In Manus ausführen

Nützlich fürSOC

InformationssicherheitsanalystenInformatik- und Mathematikberufe15-1212L4

SKILL.md

readonly

name	threat-modeling
type	skill
description	Apply STRIDE threat modeling to system designs, identify IDOR and authorization vulnerabilities, and build threat matrices for security reviews. Use when the user designs a new system, reviews an architecture, prepares for a security audit, or asks about common API vulnerabilities like IDOR or broken access control.
related-rules	["security-baseline.md"]
allowed-tools	Read, Bash

Skill: Threat Modeling

Expertise: STRIDE framework, IDOR prevention, authorization boundary analysis, threat matrices for API and system security reviews.

When to load

When designing a new system, adding an integration, reviewing an architecture, or preparing for a security review.

STRIDE Framework

Threat	Question	Example
Spoofing	Can an attacker impersonate a user/service?	Forged JWT, SSRF to metadata service
Tampering	Can data be modified in transit/at rest?	SQL injection, cache poisoning
Repudiation	Can users deny performing an action?	Missing audit logs
Information Disclosure	Can sensitive data be exposed?	Error messages leaking stack traces
Denial of Service	Can the service be made unavailable?	No rate limiting on public endpoints
Elevation of Privilege	Can a low-privilege user gain higher access?	IDOR, broken object-level authorization

Threat Modeling Workflow

Identify assets — list sensitive data, APIs, and trust boundaries in the system
Apply STRIDE — walk through each threat category against every asset and boundary
Score risks — rank by likelihood × impact (Critical / High / Medium / Low)
Prioritize mitigations — address Critical/High first; document accepted risks for Medium/Low
Validate — verify mitigations with code review, SAST/DAST scans, or penetration testing

IDOR — Most Common API Vulnerability

# ❌ Vulnerable
@app.get("/invoices/{invoice_id}")
def get_invoice(invoice_id: int, current_user: User = Depends(get_current_user)):
    return db.query(Invoice).filter(Invoice.id == invoice_id).first()

# ✅ Safe: always scope to authenticated user
@app.get("/invoices/{invoice_id}")
def get_invoice(invoice_id: int, current_user: User = Depends(get_current_user)):
    invoice = db.query(Invoice).filter(
        Invoice.id == invoice_id,
        Invoice.owner_id == current_user.id  # ← ownership check
    ).first()
    if not invoice:
        raise HTTPException(status_code=404)  # 404, not 403
    return invoice

Common Mistakes

Returning 403 instead of 404 — reveals that the resource exists, enabling enumeration
Client-side authorization only — always enforce ownership and role checks server-side
Missing audit logs for sensitive actions — makes repudiation threats undetectable
Trusting internal service-to-service calls — apply zero-trust; validate JWTs at every boundary

Mehr aus diesem Repository

gleiches Repository

github-actions-patterns

sawrus/agent-guides

Production-grade GitHub Actions workflows — reusable workflows, OIDC cloud auth, caching, matrix builds, and environment protection rules. Use when the user creates, reviews, or debugs CI/CD pipelines in .github/workflows, or asks about GitHub Actions deployment, OIDC authentication, or workflow optimization.

2026-04-1515

pod-troubleshooting

sawrus/agent-guides

Systematic diagnosis of Kubernetes pod failures — CrashLoopBackOff, OOMKilled, Pending, ImagePullBackOff, and service connectivity issues. Use when the user encounters pods not starting, container restart loops, scheduling failures, or service unreachability in a K8s cluster.

2026-04-1515

distributed-tracing

sawrus/agent-guides

Implement distributed tracing with OpenTelemetry, Tempo/Jaeger — instrumentation, sampling, and trace-to-log correlation. Use when the user asks about distributed tracing, OpenTelemetry setup, span instrumentation, trace propagation, or connecting traces to logs and metrics.

2026-04-1515

component-design

sawrus/agent-guides

Design reusable React components with compound patterns, controlled/uncontrolled hybrids, typed prop APIs, async state handling, and ARIA accessibility. Use when the user creates, refactors, or reviews React components, or mentions props, hooks, .tsx files, component APIs, or accessible UI patterns.

2026-04-1515

pipeline-security

sawrus/agent-guides

Secure CI/CD pipelines with keyless signing, OIDC federation, provenance attestations, policy enforcement, and hardened runners.

2026-04-1015

artifact-management

sawrus/agent-guides

Manage container images, Helm charts, and build artifacts — registry organization, retention, promotion between environments.

2026-03-0815

name	threat-modeling
type	skill
description	Apply STRIDE threat modeling to system designs, identify IDOR and authorization vulnerabilities, and build threat matrices for security reviews. Use when the user designs a new system, reviews an architecture, prepares for a security audit, or asks about common API vulnerabilities like IDOR or broken access control.
related-rules	["security-baseline.md"]
allowed-tools	Read, Bash

Skill: Threat Modeling

Expertise: STRIDE framework, IDOR prevention, authorization boundary analysis, threat matrices for API and system security reviews.

When to load

When designing a new system, adding an integration, reviewing an architecture, or preparing for a security review.

STRIDE Framework

Threat	Question	Example
Spoofing	Can an attacker impersonate a user/service?	Forged JWT, SSRF to metadata service
Tampering	Can data be modified in transit/at rest?	SQL injection, cache poisoning
Repudiation	Can users deny performing an action?	Missing audit logs
Information Disclosure	Can sensitive data be exposed?	Error messages leaking stack traces
Denial of Service	Can the service be made unavailable?	No rate limiting on public endpoints
Elevation of Privilege	Can a low-privilege user gain higher access?	IDOR, broken object-level authorization

Threat Modeling Workflow

Identify assets — list sensitive data, APIs, and trust boundaries in the system
Apply STRIDE — walk through each threat category against every asset and boundary
Score risks — rank by likelihood × impact (Critical / High / Medium / Low)
Prioritize mitigations — address Critical/High first; document accepted risks for Medium/Low
Validate — verify mitigations with code review, SAST/DAST scans, or penetration testing

IDOR — Most Common API Vulnerability

# ❌ Vulnerable
@app.get("/invoices/{invoice_id}")
def get_invoice(invoice_id: int, current_user: User = Depends(get_current_user)):
    return db.query(Invoice).filter(Invoice.id == invoice_id).first()

# ✅ Safe: always scope to authenticated user
@app.get("/invoices/{invoice_id}")
def get_invoice(invoice_id: int, current_user: User = Depends(get_current_user)):
    invoice = db.query(Invoice).filter(
        Invoice.id == invoice_id,
        Invoice.owner_id == current_user.id  # ← ownership check
    ).first()
    if not invoice:
        raise HTTPException(status_code=404)  # 404, not 403
    return invoice

Common Mistakes

Returning 403 instead of 404 — reveals that the resource exists, enabling enumeration
Client-side authorization only — always enforce ownership and role checks server-side
Missing audit logs for sensitive actions — makes repudiation threats undetectable
Trusting internal service-to-service calls — apply zero-trust; validate JWTs at every boundary