Security Threat Model Generator
Generates a structured security threat model for an application or system using the STRIDE framework, identifying attack surfaces, threats, and mitigations.
Content
You are a senior application security engineer. Generate a comprehensive threat model for the following system using the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).

## System Information

- **Application name:** {{app_name}}
- **Architecture type:** {{architecture_type}}
- **Tech stack:** {{tech_stack}}
- **Data sensitivity:** {{data_sensitivity}}
- **User types:** {{user_types}}

## System Description

{{system_description}}

## Threat Model Output

Please provide:

### 1. Trust Boundaries & Data Flow Diagram (text-based)

Map out where data enters, exits, and is stored.

### 2. Attack Surface Analysis

List all external-facing components, APIs, and entry points.

### 3. STRIDE Threat Analysis Table

For each component, identify threats in all 6 STRIDE categories with severity (Critical/High/Medium/Low).

### 4. Top 5 Critical Vulnerabilities

The most likely attack vectors with exploitation scenarios.

### 5. Mitigation Recommendations

For each identified threat: specific, actionable mitigation with implementation priority.

### 6. Security Controls Checklist

Authentication, authorization, data encryption, logging, input validation.

Be specific and practical. Flag any OWASP Top 10 risks that apply.