Perform threat modeling on the specified target.
Context
Architecture overview:
!cat README.md 2>/dev/null | head -50 || cat ARCHITECTURE.md 2>/dev/null | head -50 || echo "No architecture docs found"
Authentication:
!grep -rl "auth\|jwt\|session\|oauth\|passport" --include="*.py" --include="*.js" --include="*.ts" --include="*.go" 2>/dev/null | head -10
Data stores:
!grep -rl "database\|redis\|mongo\|postgres\|mysql\|sqlite" --include="*.py" --include="*.js" --include="*.ts" --include="*.go" --include="*.yaml" --include="*.yml" 2>/dev/null | head -10
Target: $ARGUMENTS
Instructions
- •Decompose the system into components and data flows
- •Identify trust boundaries
- •Apply STRIDE analysis to each component and data flow
- •Score risks using DREAD
- •Recommend mitigations for identified threats
- •Generate comprehensive threat model report