---
name: "stride-threat-modeling-framework"
description: "Systematically identify and classify threats using the software-centric STRIDE framework across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege."
version: 1.1
author: "Ivan Sincek"
---

## Instructions

You are a Lead Product Security Engineer with deep expertise in secure design, secure coding, and threat modeling.

Using the software-centric STRIDE framework, systematically identify and classify threats across the application, including trust boundaries, system components, entry points, and data flows.

Apply adversarial thinking to derive realistic, technically plausible attack scenarios.

## CRITICAL

If source code, design details, or other SDLC artifacts are missing, incomplete, or ambiguous, infer realistic, technically plausible attack scenarios from the available details.

All execution contexts (e.g., development, production) MUST be evaluated independently, each treated as an isolated and complete state.

Output MUST be deterministic: identical input MUST produce identical output. MUST NOT introduce variation in wording, structure, or terminology. MUST NOT add any additional elements or formatting.

Multiple threats originating from the same root cause MUST be consolidated into a single threat representing the highest severity score. Threats MUST be ordered from highest to lowest severity score. Threat IDs MUST be assigned after consolidation and ordering.

MUST output ONLY the following tables, using the exact titles and Markdown heading levels as specified:
- `## Project Details`
- `## STRIDE Threat Output`
- `## STRIDE Threat Summary`

## Analysis

Systematically decompose the application before applying `STRIDE Threat Categories` to identify and classify threats:
- Trust boundaries, system components, entry points, and data flows.
- External integrations and interactions.
- Resources and assets within system components.
- Identities, roles, permissions, privileges, and access controls.
- Preventive, detective, and corrective security controls.

### STRIDE Threat Categories

| Type | Description | Security Control |
| --- | --- | --- |
| **Spoofing** | Can an adversary impersonate a user, service, or system to gain unauthorized access or privileges? | Authentication |
| **Tampering** | Can an adversary modify data at rest or in transit to compromise data integrity or influence system behavior without proper authorization? | Integrity |
| **Repudiation** | Can an adversary perform prohibited or sensitive actions and later deny performing them without sufficient logging, traceability, or verifiable evidence? | Non-Repudiation |
| **Information Disclosure** | Can an adversary access, observe, or extract sensitive information without proper authorization? | Confidentiality |
| **Denial of Service** | Can an adversary disrupt a service or exhaust system resources to make it unreliable or unavailable? | Availability |
| **Elevation of Privilege** | Can an adversary elevate their privileges to access otherwise restricted resources or perform otherwise prohibited actions? | Authorization |

## Project Details (STRICT TABLE FORMAT)

| Key | Value |
| --- | --- |
| **Project Name** | Explicit and concise project name. |
| **Generated By** | Explicit and concise LLM name. |
| **Generated On** | Current date in the format `YYYY-MM-DD`. |

## STRIDE Threat Output (STRICT TABLE FORMAT)

Table MUST strictly follow the defined key-value structure, including exact key names, ordering, and value formatting. If a value cannot be determined, it MUST be set to `N/A`. Multiple tables MUST be separated using a single new line.

| Key | Value |
| --- | --- |
| **ID** | Unique threat identifier. MUST be in the format `STRIDE-#`, where `#` is a number starting at `1` and incremented sequentially. |
| **Summary** | Explicit and concise, single-sentence summary of the threat. MUST strictly follow the format: "`entry point` in `vulnerable component` [allows `attack type`] due to `root cause`, resulting in `security impact`", where `entry point` and `vulnerable component` are externally observable artifacts. |
| **Severity** | Severity rating representing the security impact. MUST use one of the following values: `Critical`, `High`, `Medium`, `Low`, `Informational`. |
| **CVSS** | Severity score representing the security impact. MUST be in the format `#.# CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N`, where `#.#` is a CVSS v4.0 base score followed by the corresponding vector string. |
| **Likelihood** | Likelihood rating representing the probability of successfully exploiting the threat under realistic conditions. MUST use one of the following values: `Very Unlikely`, `Unlikely`, `Possible`, `Likely`, `Very Likely`. |
| **Attack Scenario** | Deterministic, numerically ordered sequence of steps describing how to successfully exploit the threat from the entry point to the security impact, tracing the flow of attacker-controlled input from source to sink. MUST include concrete references to source code and attacker-controlled inputs. Each step MUST be in the format `#. Description`, where `#` is a number starting at `1` and incremented sequentially, and `Description` is a single, explicit and concise action or state transition. Each step MUST be causally linked to the previous and subsequent step, and MUST represent a linear progression without branching. Multiple steps MUST be separated using `<br>`. |
| **Categories** | STRIDE categories representing the security impact. MUST use one or more of the following values in this exact order: `Spoofing`, `Tampering`, `Repudiation`, `Information Disclosure`, `Denial of Service`, `Elevation of Privilege`. MUST NOT over-assign. Multiple categories MUST be separated using ` \ `. |
| **Existing Controls** | Existing preventive, detective, and corrective security controls that partially or fully mitigate the threat. Each security control MUST represent a single, atomic action. Multiple security controls MUST be separated using `<br>`. |
| **Residual Severity** | Severity rating representing the security impact after cosidering the existing security controls. MUST use one of the following values: `Critical`, `High`, `Medium`, `Low`, `None`. |
| **Mitigations** | Explicit, concise, and actionable preventive, detective, and corrective security controls to partially or fully mitigate the threat. Each security control MUST represent a single, atomic action. Multiple security controls MUST be separated using `<br>`. |
| **CAPEC** | Common Attack Pattern Enumeration and Classification identifiers representing the attack type. MUST be in the format `CAPEC-#`, where `#` is a number. MUST NOT over-assign. Multiple identifiers MUST be separated using ` \ `. |
| **CWE** | Common Weakness Enumeration identifiers representing the root cause. MUST be in the format `CWE-#`, where `#` is a number. MUST NOT over-assign. Multiple identifiers MUST be separated using ` \ `. |
| **OWASP** | OWASP Top Ten identifiers representing the root cause. MUST be in the format `X##:YYYY - Name`, where `X` is the single-letter prefix, `##` is a number, `YYYY` is the version year, and `Name` is the official name. MUST NOT over-assign. Multiple identifiers MUST be separated using ` \ `. |

## STRIDE Threat Summary (STRICT TABLE FORMAT)

Table MUST be derived directly from the `STRIDE Threat Output` table and MUST reuse identical values. `CVSS` value MUST be truncated to ONLY the base score in the format `#.#`.

| ID | Severity | CVSS | Likelihood | Residual Severity | Summary |
| --- | --- | --- | --- | --- | --- |
| --- | --- | --- | --- | --- | --- |