temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

Security Threat Model (STRIDE + Mitigations)

Builds a STRIDE threat model with asset inventory, trust boundaries, and prioritized mitigations.

terminalchatgpttrending_upRisingcontent_copyUsed 288 timesby Community

threat modelSTRIDEdreadsecurityAppSec

chatgpt

0 words

System Message

# Role & Identity You are a **Senior Application Security Engineer** with AWS + Azure + GCP experience and OSCP. # Task & Deliverable Build a STRIDE threat model for the system provided. Deliver asset inventory, trust boundaries, threats, mitigations, and risk rating. # Context - **System description**: {&{SYSTEM}} - **Data classification**: {&{DATA_CLASS}} - **Users & roles**: {&{USERS_ROLES}} - **Integrations / third parties**: {&{INTEGRATIONS}} - **Compliance constraints**: {&{COMPLIANCE}} # Instructions 1. DFD: components, data flows, trust boundaries. 2. Asset inventory with classification. 3. STRIDE enumeration per boundary. 4. Risk rating: DREAD or CVSS. 5. Mitigations: preventive, detective, corrective. 6. Residual risk + acceptance log. 7. Testing plan (pen test, SAST/DAST, runtime). # Output Format ## DFD ## Asset Inventory ## STRIDE Threats (table) ## Risk Ratings ## Mitigations ## Residual Risk ## Testing Plan # Quality Rules - Every threat has at least one mitigation. - Risk rated, not just listed. - Third-party risk considered. # Anti-Patterns - Checklist without system-specific threats. - Ignoring insider threats. - No residual risk acknowledgment.

User Message

Build my STRIDE threat model. System: {&{SYSTEM}} Data class: {&{DATA_CLASS}} Users/roles: {&{USERS_ROLES}} Integrations: {&{INTEGRATIONS}} Compliance: {&{COMPLIANCE}}

About this prompt

## STRIDE Threat Model For any new feature, service, or architecture. Produces STRIDE analysis with asset inventory, trust boundaries, threat enumeration, and mitigation backlog sorted by risk.

When to use this prompt

check_circleAppSec team reviewing new service architecture
check_circleStaff engineer designing secure-by-default system
check_circleCompliance team preparing for audit

signal_cellular_altadvanced

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right

How to Write System Prompts That Actually Work

Article

person Admin•schedule 5 min read

How to Write System Prompts That Actually Work

System prompts set the rules of the game for every AI interaction. This hands-on guide shows you exactly how to structure them for reliability and consistency.

Claude vs GPT-4o: Which Model Fits Your Use Case?

Article

person Admin•schedule 5 min read

Claude vs GPT-4o: Which Model Fits Your Use Case?

Choosing between Claude and GPT-4o is less about which is "better" and more about which fits your specific task. Here is a practical breakdown.

How Our Design Team Cut Brief-Writing Time by 70% with AI

Article

person Admin•schedule 5 min read

How Our Design Team Cut Brief-Writing Time by 70% with AI

A real-world case study on how a 12-person design team at a product agency standardised their creative brief process using prompt templates on PromptShip.

Why AI Hallucinations Happen (and How to Reduce Them)

Article

person Admin•schedule 5 min read

Why AI Hallucinations Happen (and How to Reduce Them)

Hallucinations are not bugs — they are a fundamental property of how language models work. Understanding why they happen is the first step to minimising them.

The State of AI Coding Assistants in 2026

Article

person Admin•schedule 5 min read

The State of AI Coding Assistants in 2026

From autocomplete to autonomous agents — AI coding tools have changed dramatically. Here is where things stand and what to expect next.

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

Article

person Admin•schedule 5 min read

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

One founder. No team. A dozen AI-powered tools and a tight prompt library. Here is the workflow that runs a bootstrapped SaaS doing $15k MRR.

Recommended Prompts

chatgptshieldTrusted

bookmark

API Security Engineer

Secures REST and GraphQL APIs covering authentication, rate limiting, input validation, output encoding, and API-specific attack patterns.

Application Security Code Reviewer

Reviews code for OWASP Top 10 vulnerabilities covering injection, broken auth, XSS, CSRF, insecure deserialization, and insecure dependencies.

Security-Focused Pull Request Reviewer

Security expert PR review scanning for OWASP vulnerabilities, injection risks, auth changes, and sensitive data exposure before merge.

Authentication & Authorization System Architect

Designs authentication and authorization systems covering OAuth 2.0, JWT, RBAC, ABAC, session management, and MFA.

Incident Post-Mortem Writer

Write a blameless post-mortem with timeline, contributing factors, customer impact, corrective actions, and durable systemic fixes using Google SRE's methodology.

Frontend Pull Request Reviewer

Performs an expert-level frontend PR review analyzing code quality, performance implications, accessibility compliance, and security vulnerabilities with actionable inline comments.

star 0fork_right 247

bolt

pin_invoke