# Threat Modeling Skill

## Purpose
Apply STRIDE methodology to identify and mitigate security threats in system architectures.

## STRIDE Categories

### Spoofing (Identity)
- Can an attacker impersonate another user?
- Are sessions properly validated?
- Is multi-factor authentication available?

### Tampering (Data Integrity)
- Can request data be modified in transit?
- Are database inputs validated and sanitized?
- Can file uploads be manipulated?

### Repudiation (Non-repudiation)
- Are actions properly logged and auditable?
- Can a user deny performing an action?
- Are logs tamper-proof?

### Information Disclosure
- Can sensitive data leak through error messages?
- Are API responses properly filtered?
- Is data encrypted at rest and in transit?

### Denial of Service
- Are there rate limits on all endpoints?
- Can large payloads crash the service?
- Are resource limits set (file upload size, query timeout)?

### Elevation of Privilege
- Are authorization checks performed on every endpoint?
- Can a regular user access admin functions?
- Are role checks enforced server-side?

## Output Format
For each threat:
- **Category**: STRIDE category
- **Component**: affected system component
- **Threat**: description of the attack
- **Impact**: what happens if exploited
- **Mitigation**: recommended fix
- **Priority**: critical / high / medium / low
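
A checker for findings written in this format, added here as an example and not part of the original skill: it parses the six-field entries, rejects any with missing fields or with a category or priority outside the lists above, and returns the rest critical-first. The function names and sample findings are constructed; it assumes each finding begins with its Category line and that priorities are lowercase as listed.

```python
import re

STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"}
FIELDS = ("Category", "Component", "Threat", "Impact", "Mitigation", "Priority")
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
FIELD_RE = re.compile(r"^[ \t]*- \*\*(\w+)\*\*:[ \t]*(.*)$", re.MULTILINE)

def parse_threats(text):
    """Split a report into records; each Category line starts a new record."""
    records = []
    for key, value in FIELD_RE.findall(text):
        if key == "Category":
            records.append({})
        if records:
            records[-1][key] = value.strip()
    return records

def validate(rec):
    """Return a list of problems; an empty list means the record is usable."""
    problems = [f"missing {f}" for f in FIELDS if not rec.get(f)]
    for key, allowed in (("Category", STRIDE), ("Priority", RANK)):
        if rec.get(key) and rec[key] not in allowed:
            problems.append(f"unknown {key.lower()} {rec[key]!r}")
    return problems

def triage(text):
    """Return (valid records sorted critical-first, {record index: problems})."""
    records = parse_threats(text)
    rejected = {i: p for i, r in enumerate(records) if (p := validate(r))}
    valid = [r for i, r in enumerate(records) if i not in rejected]
    return sorted(valid, key=lambda r: RANK[r["Priority"]]), rejected

# Constructed sample findings (hypothetical system); the third is deliberately incomplete.
SAMPLE = """- **Category**: Denial of Service
- **Component**: file upload endpoint
- **Threat**: oversized upload exhausts disk space
- **Impact**: service becomes unavailable
- **Mitigation**: enforce a file upload size limit
- **Priority**: medium
- **Category**: Elevation of Privilege
- **Component**: admin API
- **Threat**: role check enforced only in the client
- **Impact**: regular user can call admin functions
- **Mitigation**: enforce role checks server-side
- **Priority**: critical
- **Category**: Logging
- **Component**: audit log
- **Priority**: urgent"""
```

Calling `triage(SAMPLE)` returns the two complete findings with the critical one first, plus a map from the index of each rejected finding to the reasons it was rejected.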