senior-security_skill

This skill guides threat modeling, vulnerability analysis, and secure design using STRIDE, OWASP, and best-practice security patterns to strengthen systems.
  • Python

4.6k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill alirezarezvani/claude-skills --skill senior-security

  • SKILL.md15.0 KB

Overview

This skill is a senior security engineering toolkit for threat modeling, vulnerability analysis, secure architecture design, and penetration testing. It bundles STRIDE threat modeling, OWASP guidance, cryptography recommendations, and practical scanning and incident response workflows. Use it to run structured security reviews, build secure designs, and produce prioritized remediation plans.

How this skill works

The skill guides users through repeatable workflows: create DFDs and apply STRIDE with DREAD scoring for threat models; design defense-in-depth architectures and Zero Trust controls; run automated SAST/DAST/dependency/secret scans and follow up with manual verification; and execute incident response playbooks. It includes code patterns, scanner scripts, tool recommendations, and checklists to validate each step and document findings.

When to use it

  • Performing threat modeling early in design or before major releases
  • Running vulnerability assessments or penetration tests on apps and APIs
  • Conducting secure code reviews and CI/CD secret scanning
  • Designing or reviewing secure architecture and authentication patterns
  • Preparing or executing incident response and post-mortems

Best practices

  • Start with a clear scope and data flow diagrams; map trust boundaries before applying STRIDE
  • Combine automated scans with targeted manual testing for business-logic issues
  • Prioritize fixes by risk (DREAD-style) and assign owners with deadlines
  • Use defense-in-depth and Zero Trust: validate every request and apply least privilege
  • Adopt strong crypto defaults (AES-256-GCM, Argon2id, Ed25519) and manage keys centrally
  • Integrate secret detection and dependency scanning into CI/CD pipelines

Example use cases

  • Run a STRIDE threat model for a new microservice handling sensitive customer data
  • Perform a vulnerability assessment before a public launch and produce a remediation backlog
  • Review authentication and authorization code for an OAuth2/OIDC implementation
  • Scan a repository for hardcoded secrets and generate CI-ready findings
  • Draft an incident response plan and run a tabletop exercise using the provided checklist

FAQ

Recommended tools include Semgrep, CodeQL, Bandit for SAST; OWASP ZAP and Burp Suite for DAST; Snyk and pip-audit for dependency scanning; and GitLeaks or detect-secrets for secret detection.

How are threats prioritized?

Threats are scored using DREAD factors (damage, reproducibility, exploitability, affected users, discoverability) to produce a risk score, then prioritized by impact and ease of mitigation.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
senior-security skill by alirezarezvani/claude-skills | VeilStrat