Checklist
- Classify data sensitivity, trust boundaries, and threat actors.
- Review authN/authZ flows, secrets management, and logging coverage.
- Inspect dependency and infrastructure changes for privilege escalation.
- Ensure mitigations include monitoring, alerting, and incident playbooks.
- Capture residual risk, owner, and follow-up cadence.
Prompts
- "What compensating controls do we need before shipping?"
- "Summarize the highest-severity risk and a remediation timeline."
Resources
- Threat modeling worksheet.
- Company secure coding standards.