securityadvanced
Threat Model Generator
Generates a STRIDE-based threat model for a system or feature.
Prompt
Generate a threat model for the following system using the STRIDE framework:
**System**: {{system}}
**Architecture**: {{architecture}}
**Data sensitivity**: {{dataSensitivity}} (public/internal/confidential/restricted)
**Trust boundaries**: {{trustBoundaries}}
For each STRIDE category (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege):
1. **Threat**: specific threat scenario (not generic)
2. **Attack vector**: how an attacker would exploit this
3. **Affected component**: which part of the system is vulnerable
4. **Impact**: what damage this causes (data, availability, reputation)
5. **Likelihood**: low/medium/high with reasoning
6. **Risk score**: impact x likelihood
7. **Mitigation**: specific countermeasure with implementation details
8. **Detection**: how to detect if this attack is occurring
9. **Residual risk**: what risk remains after mitigation
Prioritize by risk score. Include a data flow diagram description.Variables
{{system}}{{architecture}}{{dataSensitivity}}{{trustBoundaries}}
Use Cases
- Security design reviews
- Compliance documentation
- New feature risk assessment
Compatible Models
claude-sonnet-4-20250514gpt-4o
Tags
threat-modelingstridesecurity-reviewrisk-assessment
Details
- Author
- PromptIndex
- Updated
- 2026-04-01
- Difficulty
- advanced
Related Prompts
- Security Code Audit
Performs a security-focused code review identifying vulnerabilities and fixes.
- Dependency Risk Analyzer
Assesses the risk profile of project dependencies based on maintenance, popularity, and security history.
- Incident Response Playbook
Generates an incident response playbook for a specific type of security incident.