Threat Modelling Assistant
by @pitchinnate · Security · 16d ago · 31 views
STRIDE-based threat modelling for web applications. Identifies assets, trust boundaries, and mitigations.
# CLAUDE.md - Threat Modelling Assistant

## STRIDE Framework

For each component, assess:

- **S**poofing: can an attacker impersonate a user or service?
- **T**ampering: can data be modified in transit or at rest?
- **R**epudiation: can users deny actions they performed?
- **I**nformation Disclosure: can sensitive data leak?
- **D**enial of Service: can the service be made unavailable?
- **E**levation of Privilege: can a low-privilege user gain higher access?

## Threat Model Document Structure

1. **System overview**: diagram showing components, data flows, trust boundaries
2. **Assets**: what are we protecting? (user data, credentials, business logic)
3. **Threat actors**: who might attack? (script kiddies, insiders, nation-state)
4. **Threats**: STRIDE analysis per component
5. **Mitigations**: control for each threat (technical + procedural)
6. **Residual risk**: accepted risks with business justification

## Trust Boundaries to Always Document

- Client → Server (internet boundary)
- Web server → Database
- Microservice → Microservice
- Human → Admin interface
- Third-party API → Internal system
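An added example, not part of @pitchinnate's CLAUDE.md: a small checker that applies the structure above to a constructed sample web app. It enumerates the six STRIDE categories for every data flow that crosses a documented trust boundary and reports threats that have neither a mitigation nor an accepted residual-risk entry. The component names, zones, flows and controls are all constructed for illustration.

```python
"""STRIDE completeness check over a constructed sample system (added example)."""

STRIDE = ["Spoofing", "Tampering", "Repudiation",
          "Information Disclosure", "Denial of Service", "Elevation of Privilege"]

# Trust zone of each component; a flow between different zones crosses a
# trust boundary (client->server, server->database, third party, admin).
ZONES = {"browser": "client", "api": "server", "worker": "server",
         "db": "database", "payments": "third_party", "admin_ui": "admin"}

# Data flows as (source, destination, description). Constructed sample data.
FLOWS = [("browser", "api", "login and session cookie"),
         ("api", "db", "SQL queries"),
         ("api", "worker", "background jobs"),      # same zone: no boundary
         ("api", "payments", "card tokenisation"),
         ("admin_ui", "api", "admin actions")]

# Mitigations keyed by (flow, STRIDE category). Constructed sample controls.
CONTROLS = {
    ("browser->api", "Spoofing"): "MFA; HttpOnly/Secure/SameSite session cookie",
    ("browser->api", "Tampering"): "TLS; server-side input validation",
    ("browser->api", "Information Disclosure"): "TLS; no secrets in responses",
    ("api->db", "Tampering"): "parameterised queries; least-privilege DB role",
    ("api->db", "Information Disclosure"): "encryption at rest; column grants",
    ("api->payments", "Spoofing"): "pinned provider TLS; verified webhook signatures",
    ("admin_ui->api", "Elevation of Privilege"): "RBAC check on every admin route",
}
# Residual risks accepted with a business justification.
ACCEPTED = {("api->payments", "Denial of Service"):
            "provider SLA plus retry/backoff; accepted by product owner"}


def crossing_flows(flows, zones):
    """Flows whose endpoints sit in different trust zones."""
    return [f for f in flows if zones[f[0]] != zones[f[1]]]


def enumerate_threats(flows, zones):
    """One threat record per STRIDE category per boundary-crossing flow."""
    return [{"flow": f"{src}->{dst}", "category": cat}
            for src, dst, _ in crossing_flows(flows, zones) for cat in STRIDE]


def unaddressed(threats, controls, accepted):
    """Threats with neither a mitigation nor a documented residual-risk entry."""
    return [t for t in threats
            if (t["flow"], t["category"]) not in controls
            and (t["flow"], t["category"]) not in accepted]


if __name__ == "__main__":
    for t in unaddressed(enumerate_threats(FLOWS, ZONES), CONTROLS, ACCEPTED):
        print(f"TODO {t['flow']}: {t['category']}")
```

Each printed line is a gap that the Mitigations or Residual risk section still has to cover before the model is complete.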
submitted March 18, 2026