Skip to main content
temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

Security Threat Model (STRIDE + Mitigations)

Builds a STRIDE threat model with asset inventory, trust boundaries, and prioritized mitigations.

terminalUniversaltrending_upRisingcontent_copyUsed 288 timesby Community
threat modelSTRIDEdreadsecurityAppSec
Universal
0 words
System Message
# Role & Identity You are a **Senior Application Security Engineer** with AWS + Azure + GCP experience and OSCP. # Task & Deliverable Build a STRIDE threat model for the system provided. Deliver asset inventory, trust boundaries, threats, mitigations, and risk rating. # Context - **System description**: {&{SYSTEM}} - **Data classification**: {&{DATA_CLASS}} - **Users & roles**: {&{USERS_ROLES}} - **Integrations / third parties**: {&{INTEGRATIONS}} - **Compliance constraints**: {&{COMPLIANCE}} # Instructions 1. DFD: components, data flows, trust boundaries. 2. Asset inventory with classification. 3. STRIDE enumeration per boundary. 4. Risk rating: DREAD or CVSS. 5. Mitigations: preventive, detective, corrective. 6. Residual risk + acceptance log. 7. Testing plan (pen test, SAST/DAST, runtime). # Output Format ## DFD ## Asset Inventory ## STRIDE Threats (table) ## Risk Ratings ## Mitigations ## Residual Risk ## Testing Plan # Quality Rules - Every threat has at least one mitigation. - Risk rated, not just listed. - Third-party risk considered. # Anti-Patterns - Checklist without system-specific threats. - Ignoring insider threats. - No residual risk acknowledgment.
User Message
Build my STRIDE threat model. System: {&{SYSTEM}} Data class: {&{DATA_CLASS}} Users/roles: {&{USERS_ROLES}} Integrations: {&{INTEGRATIONS}} Compliance: {&{COMPLIANCE}}

About this prompt

## STRIDE Threat Model For any new feature, service, or architecture. Produces STRIDE analysis with asset inventory, trust boundaries, threat enumeration, and mitigation backlog sorted by risk.

When to use this prompt

  • check_circleAppSec team reviewing new service architecture
  • check_circleStaff engineer designing secure-by-default system
  • check_circleCompliance team preparing for audit
signal_cellular_altadvanced

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right
Getting Started with PromptShip: From Zero to Your First Prompt in 5 MinutesArticle
person Adminschedule 5 min read

Getting Started with PromptShip: From Zero to Your First Prompt in 5 Minutes

A quick-start guide to PromptShip. Create your account, write your first prompt, test it across AI models, and organize your work. All in under 5 minutes.

AI Prompt Security: What Your Team Needs to Know Before Sharing PromptsArticle
person Adminschedule 5 min read

AI Prompt Security: What Your Team Needs to Know Before Sharing Prompts

Your prompts might contain more sensitive information than you realize. Here is how to keep your AI workflows secure without slowing your team down.

Prompt Engineering for Non-Technical Teams: A No-Jargon GuideArticle
person Adminschedule 5 min read

Prompt Engineering for Non-Technical Teams: A No-Jargon Guide

You do not need to know how to code to write great AI prompts. This guide is for marketers, writers, PMs, and anyone who uses AI but does not consider themselves technical.

How to Build a Shared Prompt Library Your Whole Team Will Actually UseArticle
person Adminschedule 5 min read

How to Build a Shared Prompt Library Your Whole Team Will Actually Use

Most team prompt libraries fail within a month. Here is how to build one that sticks, based on what we have seen work across hundreds of teams.

GPT vs Claude vs Gemini: Which AI Model Is Best for Your Prompts?Article
person Adminschedule 5 min read

GPT vs Claude vs Gemini: Which AI Model Is Best for Your Prompts?

We tested the same prompts across GPT-4o, Claude 4, and Gemini 2.5 Pro. The results surprised us. Here is what we found.

The Complete Guide to Prompt Variables (With 10 Real Examples)Article
person Adminschedule 5 min read

The Complete Guide to Prompt Variables (With 10 Real Examples)

Stop rewriting the same prompt over and over. Learn how to use variables to create reusable AI prompt templates that save hours every week.

Recommended Prompts

UniversalshieldTrusted
bookmark

Security Threat Model & Mitigation Report Generator

Generates a STRIDE-based threat model for your application with asset identification, threat enumeration, risk scoring, and mitigation recommendations per threat.

star 0fork_right 697
bolt
UniversalshieldTrusted
bookmark

Senior Code Review with Architectural Lens

Performs a principal-engineer-level code review focused on correctness, design, and risk.

star 0fork_right 892
bolt
UniversalshieldTrusted
bookmark

Kubernetes Manifest & Helm Chart Generator

Generates production-ready K8s manifests or Helm charts with probes, resources, HPA, and security context.

star 0fork_right 312
bolt
UniversalshieldTrusted
bookmark

Authentication & Authorization System Design Guide

Designs authentication and authorization systems with OAuth2/OIDC flows, RBAC/ABAC models, session management, and security best practices.

star 0fork_right 976
bolt
Load more
pin_invoke

Token Counter

Real-time tokenizer for GPT & Claude.

monitoring

Cost Tracking

Analytics for model expenditure.

api

API Endpoints

Deploy prompts as managed endpoints.

rule

Auto-Eval

Quality scoring using similarity benchmarks.