Skills Guide

Workflow de Modélisation des Menaces Complet

VérifiéSûr

Orchestre l'intégralité du workflow de modélisation des menaces, de l'initialisation à la génération de rapports, incluant la découverte d'actifs, l'analyse des menaces, la vérification des contrôles, la cartographie de conformité et la documentation. À utiliser pour une évaluation de sécurité complète ou la production de documentation détaillée sur les menaces.

Spar Skills Guide Bot
SecuriteAvancé
7002/06/2026
Claude Code
#threat-modeling#risk-analysis#security-assessment#compliance-mapping#architecture-review

Recommandé pour

Claude CodeAudit de sécuritéIngénieur sécurité

Notre avis

Orchestre le workflow complet de modélisation des menaces, de l'initialisation à la génération de rapports, en intégrant l'analyse, la vérification et la mise en conformité.

Points forts

  • Automatise l'ensemble du processus de modélisation des menaces en une seule commande.
  • Intègre plusieurs frameworks (STRIDE, PASTA) et normes de conformité (OWASP, SOC2, ISO27001).
  • Produit une documentation complète incluant diagrammes, registre des risques et preuves de contrôle.
  • Vérifie les contrôles de sécurité directement dans le code source.

Limites

  • Nécessite une documentation d'architecture existante et de qualité.
  • Peut être long à exécuter sur des systèmes complexes.
  • Dépend de la capacité à explorer le code pour la vérification des contrôles.
Quand l'utiliser

Utilisez ce skill pour réaliser une analyse complète de modélisation des menaces sur un système bien documenté, en générant des rapports détaillés pour les parties prenantes techniques et non techniques.

Quand l'éviter

Ne l'utilisez pas pour des évaluations rapides ou ad hoc, ou lorsque la documentation d'architecture est insuffisante ou inexistante.

Analyse de sécurité

Sûr
Score qualité92/100

The skill uses only safe file and directory tools (Read, Write, Glob, Grep, and restricted Bash commands mkdir and ls) to perform a threat modeling workflow. No destructive commands, network access, or code execution capabilities are present.

Aucun point d'attention détecté

Exemples

Default full threat model
/tm-full --docs ./architecture-docs
Detailed model with PASTA and multiple compliance frameworks
/tm-full --framework pasta --compliance owasp,soc2,iso27001 --report-level detailed --output ./threat-report
Executive summary threat model
/tm-full --docs ./system-design --report-level executive

name: tm-full description: Run the complete threat modeling workflow from initialization through reporting. Orchestrates all other skills in sequence. Use when performing full threat model analysis, running complete security assessment, or generating comprehensive threat documentation. allowed-tools: Read, Write, Glob, Grep, Bash(mkdir:), Bash(ls:)

Full Threat Modeling Workflow

Purpose

Orchestrate the complete threat modeling workflow in a single command:

  1. Initialize - Discover assets and architecture
  2. Analyze - Identify and assess threats
  3. Verify - Check control implementations
  4. Comply - Map to frameworks
  5. Report - Generate comprehensive documentation

Usage

/tm-full [--docs <path>] [--framework stride|pasta] [--compliance <list>] [--output <path>] [--report-level executive|standard|detailed]

Arguments:

  • --docs: Path to architecture documentation (default: ./docs)
  • --framework: Threat framework (default: stride)
  • --compliance: Compliance frameworks, comma-separated (default: owasp)
  • --output: Output directory (default: .threatmodel)
  • --report-level: Report detail level (default: standard)

Workflow Steps

┌─────────────────────────────────────────────────────────────┐
│                    FULL WORKFLOW                             │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  [1/5] INITIALIZATION                                       │
│  ─────────────────────                                      │
│  • Read architecture documentation                          │
│  • Extract assets and classify                              │
│  • Map data flows                                           │
│  • Identify trust boundaries                                │
│  • Catalog attack surface                                   │
│  • Generate architecture diagrams                           │
│                                                             │
│  Output: assets.json, dataflows.json, trust-boundaries.json │
│          attack-surface.json, diagrams/*.mmd                │
│                                                             │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  [2/5] THREAT ANALYSIS                                      │
│  ─────────────────────                                      │
│  • Apply STRIDE to each component                           │
│  • Enumerate threats per attack surface                     │
│  • Build attack trees for critical threats                  │
│  • Assess likelihood and impact                             │
│  • Calculate risk scores                                    │
│  • Create risk register                                     │
│                                                             │
│  Output: threats.json, attack-trees.json, risk-register.json│
│                                                             │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  [3/5] CONTROL VERIFICATION                                 │
│  ─────────────────────────                                  │
│  • Identify required controls                               │
│  • Search codebase for implementations                      │
│  • Verify configurations                                    │
│  • Collect evidence                                         │
│  • Document gaps                                            │
│                                                             │
│  Output: controls.json, gaps.json, verification.json        │
│                                                             │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  [4/5] COMPLIANCE MAPPING                                   │
│  ───────────────────────                                    │
│  • Map threats to framework requirements                    │
│  • Map controls to requirements                             │
│  • Calculate coverage percentages                           │
│  • Identify compliance gaps                                 │
│                                                             │
│  Output: compliance.json, compliance-report.md              │
│                                                             │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  [5/5] REPORT GENERATION                                    │
│  ───────────────────────                                    │
│  • Aggregate all findings                                   │
│  • Prioritize risks                                         │
│  • Generate countermeasures                                 │
│  • Create executive summary                                 │
│  • Compile detailed report                                  │
│  • Create baseline snapshot                                 │
│                                                             │
│  Output: risk-report.md, executive-summary.md,              │
│          baseline/snapshot-{date}.json                      │
│                                                             │
└─────────────────────────────────────────────────────────────┘

Progress Display

═══════════════════════════════════════════════════════════════
            THREAT MODELING - FULL WORKFLOW
═══════════════════════════════════════════════════════════════

Project: My Application
Documentation: ./docs/architecture
Framework: STRIDE
Compliance: OWASP, SOC2

───────────────────────────────────────────────────────────────

[1/5] Initializing...
      ├── Scanning documentation...
      ├── Extracting assets... found 14
      ├── Mapping data flows... found 22
      ├── Identifying trust boundaries... found 5
      ├── Cataloging attack surface... found 12 entries
      └── Generating diagrams... done
      ✓ Initialization complete

[2/5] Analyzing threats...
      ├── Applying STRIDE framework...
      ├── Processing 14 assets...
      ├── Analyzing 8 trust boundary crossings...
      ├── Building attack trees for critical threats...
      └── Creating risk register...
      ✓ Threat analysis complete (47 threats identified)

[3/5] Verifying controls...
      ├── Identifying required controls... 29 needed
      ├── Searching codebase...
      ├── Verifying implementations...
      └── Documenting gaps...
      ✓ Verification complete (18 verified, 7 partial, 4 missing)

[4/5] Mapping compliance...
      ├── Mapping to OWASP Top 10...
      ├── Mapping to SOC2...
      └── Calculating coverage...
      ✓ Compliance mapping complete (OWASP: 82%, SOC2: 88%)

[5/5] Generating reports...
      ├── Aggregating findings...
      ├── Prioritizing risks...
      ├── Generating countermeasures...
      ├── Creating executive summary...
      ├── Compiling detailed report...
      └── Creating baseline snapshot...
      ✓ Reports generated

───────────────────────────────────────────────────────────────
                         SUMMARY
───────────────────────────────────────────────────────────────

Discovery:
  • 14 assets discovered
  • 22 data flows mapped
  • 5 trust boundaries identified
  • 12 attack surface entries cataloged

Threats:
  • 47 threats identified
  • 5 critical, 12 high, 18 medium, 12 low
  • 3 unmitigated critical threats

Controls:
  • 29 controls required
  • 62% fully implemented
  • 11 gaps identified (2 critical)

Compliance:
  • OWASP Top 10: 82%
  • SOC2: 88%

───────────────────────────────────────────────────────────────
                    CRITICAL FINDINGS
───────────────────────────────────────────────────────────────

1. [CRITICAL] Credential Stuffing Attack
   Risk: 8.5 | Target: Auth API | Gap: Rate limiting insufficient

2. [CRITICAL] SQL Injection in Legacy Module
   Risk: 8.2 | Target: Reports API | Gap: Queries not parameterized

3. [CRITICAL] JWT Token Theft via XSS
   Risk: 8.0 | Target: Session | Gap: HttpOnly not set

───────────────────────────────────────────────────────────────
                       FILES CREATED
───────────────────────────────────────────────────────────────

.threatmodel/
├── config.yaml
├── state/
│   ├── assets.json
│   ├── dataflows.json
│   ├── trust-boundaries.json
│   ├── attack-surface.json
│   ├── threats.json
│   ├── controls.json
│   ├── gaps.json
│   ├── risk-register.json
│   └── compliance.json
├── diagrams/
│   ├── architecture.mmd
│   ├── dataflow.mmd
│   └── trust-boundaries.mmd
├── reports/
│   ├── risk-report.md
│   ├── executive-summary.md
│   └── compliance-report.md
└── baseline/
    └── snapshot-20250120.json

───────────────────────────────────────────────────────────────
                      NEXT STEPS
───────────────────────────────────────────────────────────────

1. Review risk report: .threatmodel/reports/risk-report.md
2. Address critical findings immediately
3. Share executive summary with stakeholders
4. Create Jira tickets for gaps
5. Schedule follow-up assessment

═══════════════════════════════════════════════════════════════
                  THREAT MODEL COMPLETE
═══════════════════════════════════════════════════════════════

Error Handling

Documentation Not Found

[1/5] Initializing...
      └── ERROR: No documentation found at ./docs

Please specify documentation path:
  /tm-full --docs /path/to/architecture/docs

Or create documentation first.

Partial Failure

[3/5] Verifying controls...
      └── WARNING: Could not access codebase at ./src

Continuing with available information...
Control verification skipped.

To include verification:
  /tm-verify --thorough

Continuing to next step...

Instructions for Claude

When executing this skill:

  1. Parse arguments:

    • Extract --docs, --framework, --compliance, --output, --report-level
    • Use defaults for missing values

  2. Execute Step 1 - Initialize:

    • Follow /tm-init process
    • Display progress
    • Report findings

  3. Execute Step 2 - Threat Analysis:

    • Follow /tm-threats process
    • Use specified framework
    • Include abuse cases
    • Display progress

  4. Execute Step 3 - Verification:

    • Follow /tm-verify process
    • Use thorough mode
    • Collect evidence
    • Display progress

  5. Execute Step 4 - Compliance:

    • Follow /tm-compliance process
    • Map to specified frameworks
    • Display progress

  6. Execute Step 5 - Reporting:

    • Follow /tm-report process
    • Use specified detail level
    • Create baseline
    • Display progress

  7. Handle errors gracefully:

    • Continue if possible
    • Report what couldn't be completed
    • Suggest remediation

  8. Display final summary:

    • Key statistics
    • Critical findings
    • Files created
    • Next steps

Timing Guidance

The full workflow processes multiple phases. Between phases:

  • Display clear progress indicators
  • Show intermediate results
  • Allow for interruption if needed

Reference

This skill orchestrates:

Skills similaires

Auditeur de Securite

Premium

Securite

Analyse le code pour detecter les vulnerabilites OWASP Top 10.

Claude Codeadvanced
210
87
906
Admin

Checklist de Sécurité OWASP

Securite

Génère des checklists de sécurité applicative basées sur l'OWASP Top 10.

claudeCursorWindsurfintermediate
148
41
440
Admin

Modélisation de Menaces

Securite

Génère des documents de modélisation de menaces avec analyse STRIDE.

claudeCursoradvanced
78
23
289
Admin