一键导入
threat-modeling
Systematic threat analysis using STRIDE and MITRE ATT&CK frameworks following Hack23 ISMS Threat Modeling Policy
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Systematic threat analysis using STRIDE and MITRE ATT&CK frameworks following Hack23 ISMS Threat Modeling Policy
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | threat-modeling |
| description | Systematic threat analysis using STRIDE and MITRE ATT&CK frameworks following Hack23 ISMS Threat Modeling Policy |
| license | Apache-2.0 |
This skill ensures systematic identification, analysis, and mitigation of security threats using structured methodologies as defined in the Hack23 ISMS Threat Modeling Policy. It applies to all systems, applications, and data flows within the organization.
MUST:
MUST NOT:
Spoofing Identity (S):
Tampering with Data (T):
Repudiation (R):
Information Disclosure (I):
Denial of Service (D):
Elevation of Privilege (E):
MUST:
Example Mappings:
MUST:
Components:
MUST:
Risk Formula: Risk = Likelihood × Impact
Likelihood Ratings:
Impact Ratings:
Risk Score Matrix:
MUST:
Mitigation Strategies:
## Component: User Login API
### Data Flow Diagram
[User] --username/password--> [Login API] --SQL query--> [Database] [Login API] --session token--> [User]
### Trust Boundaries
- Internet → Web Server
- Web Server → Database
### STRIDE Analysis
**S - Spoofing:**
- Threat: Attacker guesses weak passwords
- Risk: High Likelihood (3) × High Impact (3) = 9 (Critical)
- Mitigation:
- Implement strong password policy (12+ chars, complexity)
- Implement account lockout after 5 failed attempts
- Implement rate limiting (max 10 attempts/minute/IP)
- Log all authentication attempts
- ATT&CK: T1110 (Brute Force)
**T - Tampering:**
- Threat: MitM attack captures credentials
- Risk: Medium Likelihood (2) × High Impact (3) = 6 (High)
- Mitigation:
- Enforce TLS 1.2+ for all connections
- Implement HSTS headers
- Use secure session cookies (HTTPOnly, Secure, SameSite)
- ATT&CK: T1557 (Man-in-the-Middle)
**R - Repudiation:**
- Threat: User denies performing actions
- Risk: Low Likelihood (1) × Medium Impact (2) = 2 (Low)
- Mitigation:
- Log all authentication events with timestamp, IP, user agent
- Protect log integrity (append-only S3 bucket)
- Implement log retention for 1 year
- ATT&CK: T1070 (Indicator Removal on Host)
**I - Information Disclosure:**
- Threat: SQL injection exposes user data
- Risk: Medium Likelihood (2) × Critical Impact (4) = 8 (High)
- Mitigation:
- Use parameterized queries exclusively
- Implement input validation (allowlist)
- Run database with least privilege account
- Implement Web Application Firewall (WAF)
- ATT&CK: T1190 (Exploit Public-Facing Application)
**D - Denial of Service:**
- Threat: Attacker floods login endpoint
- Risk: High Likelihood (3) × Medium Impact (2) = 6 (High)
- Mitigation:
- Implement rate limiting (per IP and per account)
- Use CAPTCHA after 3 failed attempts
- Implement CDN with DDoS protection
- Set up auto-scaling
- ATT&CK: T1498 (Network Denial of Service)
**E - Elevation of Privilege:**
- Threat: SQL injection bypasses authentication
- Risk: Medium Likelihood (2) × Critical Impact (4) = 8 (High)
- Mitigation:
- Use ORM or parameterized queries
- Implement principle of least privilege for database access
- Separate admin and user authentication paths
- Implement security testing in CI/CD
- ATT&CK: T1068 (Exploitation for Privilege Escalation)
Goal: Compromise User Account
|
+-- [OR] Steal Credentials
| |
| +-- [AND] Phishing Attack
| | +-- Send phishing email (Easy)
| | +-- User clicks malicious link (Medium)
| | +-- User enters credentials (Medium)
| | → Mitigation: Security awareness training, email filtering, MFA
| | → ATT&CK: T1566 (Phishing)
| |
| +-- [AND] Password Guessing
| | +-- Obtain username (Easy)
| | +-- Guess weak password (Medium)
| | → Mitigation: Strong password policy, account lockout, rate limiting
| | → ATT&CK: T1110 (Brute Force)
| |
| +-- [AND] Database Breach
| +-- SQL injection (Hard)
| +-- Extract password hashes (Medium)
| +-- Crack hashes (Hard)
| → Mitigation: Parameterized queries, strong hashing (bcrypt), WAF
| → ATT&CK: T1190 (Exploit Public-Facing Application)
|
+-- [OR] Session Hijacking
|
+-- [AND] XSS Attack
| +-- Find XSS vulnerability (Hard)
| +-- Inject JavaScript to steal session cookie (Medium)
| → Mitigation: Input validation, output encoding, HTTPOnly cookies, CSP
| → ATT&CK: T1185 (Browser Session Hijacking)
|
+-- [AND] Session Fixation
+-- Provide victim with known session ID (Easy)
+-- Victim authenticates with fixed session (Medium)
→ Mitigation: Regenerate session ID on login, use secure random IDs
→ ATT&CK: T1185 (Browser Session Hijacking)
# Threat Model: [System Name]
## Document Control
- **Version:** 1.0
- **Date:** 2026-02-10
- **Author:** Security Team
- **Status:** Approved
- **Classification:** Internal
## 1. System Overview
### Purpose
[Brief description of system purpose and business value]
### Architecture
[High-level architecture diagram]
### Data Classification
- **Public:** Product catalog
- **Internal:** User activity logs
- **Confidential:** User PII, payment information
- **Restricted:** Encryption keys
## 2. Assumptions and Dependencies
### Assumptions
- Users access system via HTTPS only
- Database is hosted in secure AWS VPC
- All users complete security training annually
### Dependencies
- AWS (infrastructure)
- Stripe (payment processing)
- SendGrid (email delivery)
## 3. Data Flow Diagrams
### Level 0: Context Diagram
[User] --HTTPS--> [Web Application] --TLS--> [Payment Gateway] [Web Application] --TLS--> [Database]
### Level 1: Detailed Flow
[Include detailed DFD with trust boundaries]
## 4. STRIDE Analysis
[For each component, perform STRIDE analysis as shown in Example 1]
## 5. Threat Summary
| ID | Component | Threat | STRIDE | Risk | ATT&CK | Status |
|----|-----------|--------|--------|------|--------|--------|
| T-001 | Login API | Password guessing | S | Critical (9) | T1110 | Mitigated |
| T-002 | Login API | SQL injection | I, E | High (8) | T1190 | Mitigated |
| T-003 | Web App | XSS | I, T | High (6) | T1185 | In Progress |
## 6. Mitigation Plan
| Threat ID | Mitigation | Owner | Due Date | Status |
|-----------|------------|-------|----------|--------|
| T-001 | Implement account lockout | Dev Team | 2026-02-15 | Complete |
| T-002 | Use parameterized queries | Dev Team | 2026-02-20 | Complete |
| T-003 | Implement CSP headers | DevOps | 2026-02-25 | In Progress |
## 7. Residual Risks
[List any accepted risks with executive approval]
## 8. References
- [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)
- [Risk Assessment Methodology](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Risk_Assessment_Methodology.md)
This skill implements requirements from:
Threat modeling compliance is verified through:
GitHub Agentic Workflows (gh-aw) - markdown-based AI automation with 5-layer security, safe outputs, and Continuous AI patterns
gh-aw CLI usage, compilation, testing, debugging, add-wizard, and CI/CD practices for GitHub Agentic Workflows
Multi-agent coordination, orchestrator-worker patterns, /plan decomposition, and project coordination for GitHub Agentic Workflows
5-layer defense-in-depth security for GitHub Agentic Workflows - safe outputs, threat detection, AWF firewall, and zero-trust patterns
Continuous AI patterns from Agent Factory - issue triage, documentation sync, code quality, security scanning, and project coordination
GDPR compliance including privacy by design, data protection requirements, consent management, right to be forgotten, and data breach response