Threat modeling methodologies (STRIDE, DREAD), attack trees, threat modeling as code, and integration with SDLC for proactive security design
View on GitHubJanuary 21, 2026
Select agents to install to:
npx add-skill https://github.com/melodic-software/claude-code-plugins/blob/main/plugins/security/skills/threat-modeling/SKILL.md -a claude-code --skill threat-modelingInstallation paths:
.claude/skills/threat-modeling/# Threat Modeling Systematic approach to identifying, quantifying, and addressing security threats in software systems. ## When to Use This Skill **Keywords:** threat modeling, STRIDE, DREAD, attack trees, security design, risk assessment, threat analysis, data flow diagram, trust boundary, attack surface, threat enumeration **Use this skill when:** - Designing new systems or features - Conducting security architecture reviews - Identifying potential attack vectors - Prioritizing security investments - Documenting security assumptions - Integrating security into SDLC - Creating threat models as code ## Quick Decision Tree 1. **Starting a threat model?** → Begin with [Threat Modeling Process](#threat-modeling-process) 2. **Identifying threats?** → Use [STRIDE methodology](#stride-methodology) 3. **Prioritizing threats?** → Apply [DREAD scoring](#dread-risk-scoring) or [Attack Trees](#attack-trees) 4. **Automating threat models?** → See [references/threat-modeling-tools.md](references/threat-modeling-tools.md) 5. **Specific architecture patterns?** → See [Architecture-Specific Threats](#architecture-specific-threats) ## Threat Modeling Process ```text ┌─────────────────────────────────────────────────────────────────┐ │ THREAT MODELING WORKFLOW │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ 1. DECOMPOSE 2. IDENTIFY 3. PRIORITIZE │ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │ │ System │──────▶│ Threats │───────▶│ Risks │ │ │ │ Model │ │ (STRIDE) │ │ (DREAD) │ │ │ └──────────┘ └──────────┘ └──────────┘ │ │ │ │ │ │ │ ▼ ▼ ▼ │ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │ │ DFD