senior-securitylisted

Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guidance, cryptography patterns, and security scanning tools. Use when the user asks about security reviews, threat analysis, vulnerability assessments, secure coding practices, security audits, attack surface analysis, CVE remediation, or security best practices.
mdnaimul22/human-skills · ★ 2 · AI & Automation · score 78

Install: claude install-skill mdnaimul22/human-skills

# Senior Security Engineer Security engineering tools for threat modeling, vulnerability analysis, secure architecture design, and penetration testing. --- ## Table of Contents - [Threat Modeling Workflow](#threat-modeling-workflow) - [Security Architecture Workflow](#security-architecture-workflow) - [Vulnerability Assessment Workflow](#vulnerability-assessment-workflow) - [Secure Code Review Workflow](#secure-code-review-workflow) - [Incident Response Workflow](#incident-response-workflow) - [Security Tools Reference](#security-tools-reference) - [Tools and References](#tools-and-references) --- ## Threat Modeling Workflow Identify and analyze security threats using STRIDE methodology. ### Workflow: Conduct Threat Model 1. Define system scope and boundaries: - Identify assets to protect - Map trust boundaries - Document data flows 2. Create data flow diagram: - External entities (users, services) - Processes (application components) - Data stores (databases, caches) - Data flows (APIs, network connections) 3. Apply STRIDE to each DFD element (see [STRIDE per Element Matrix](#stride-per-element-matrix) below) 4. Score risks using DREAD: - Damage potential (1-10) - Reproducibility (1-10) - Exploitability (1-10) - Affected users (1-10) - Discoverability (1-10) 5. Prioritize threats by risk score 6. Define mitigations for each threat 7. Document in threat model report 8. **Validation:** All DFD elements analyzed; STRIDE applied; thre