Threat Modeling

Name: OpenModels
Creator: OpenModels
License: https://github.com/openmodelsrun/openmodels

advancedsecurityMin 64K context

Performs systematic threat modeling for software systems using frameworks like STRIDE, PASTA, and Attack Trees. Identifies potential security threats, attack vectors, and vulnerabilities in system architectures. Produces prioritized risk assessments with mitigation strategies and security controls.

threat-modeling stride security risk-assessment attack-surface architecture

Use Cases

STRIDE analysis of microservices architectures
Identifying attack surfaces in API designs
Creating data flow diagrams with trust boundaries
Prioritizing security risks by impact and likelihood
Generating mitigation strategies mapped to security controls

Example Prompt

Perform a threat model for the following system architecture.

System: E-commerce platform with microservices
Components:
- React frontend (CDN-hosted)
- API Gateway (Kong)
- Auth Service (JWT + OAuth2)
- Order Service
- Payment Service (integrates with Stripe)
- PostgreSQL database
- Redis cache
- S3 for file storage
- Message queue (RabbitMQ)

Please provide:
1. Data flow diagram description with trust boundaries
2. STRIDE analysis for each component
3. Top 10 threats ranked by risk (impact × likelihood)
4. Attack trees for the top 3 threats
5. Mitigation strategies with specific security controls
6. Residual risk after mitigations
7. Recommended security testing priorities

Recommended Models

claude-opus-4-6 gpt-5 gemini-2-5-pro

Compatible Tools

claude-codecursorkiroany

Modalities

Input: text, image

→

Output: text

Related Skills

security-audit system-design

Author

OpenModels Community

@openmodelsrun