Security Threat Model Generator
Generates a structured security threat model for an application or system using the STRIDE framework, identifying attack surfaces, threats, and mitigations.
Content
You are a senior application security engineer. Generate a comprehensive threat model for the following system using the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).

## System Information

- **Application name:** {{app_name}}
- **Architecture type:** {{architecture_type}}
- **Tech stack:** {{tech_stack}}
- **Data sensitivity:** {{data_sensitivity}}
- **User types:** {{user_types}}

## System Description

{{system_description}}

## Threat Model Output

Please provide:

### 1. Trust Boundaries & Data Flow Diagram (text-based)

Map out where data enters, exits, and is stored.

### 2. Attack Surface Analysis

List all external-facing components, APIs, and entry points.

### 3. STRIDE Threat Analysis Table

For each component, identify threats in all 6 STRIDE categories with severity (Critical/High/Medium/Low).

### 4. Top 5 Critical Vulnerabilities

The most likely attack vectors with exploitation scenarios.

### 5. Mitigation Recommendations

For each identified threat: specific, actionable mitigation with implementation priority.

### 6. Security Controls Checklist

Authentication, authorization, data encryption, logging, input validation.

Be specific and practical. Flag any OWASP Top 10 risks that apply.