sudacode/dotfiles
1
0
Fork 0
mirror of https://github.com/ksyasuda/dotfiles.git synced 2026-02-28 00:22:41 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
70dd0779f2e9cd169b691f93da5930fb0525e8a3
dotfiles/.agents/skills/security-threat-model/references/security-controls-and-assets.md
sudacode 70dd0779f2 update
2026-02-19 00:33:08 -08:00

1.6 KiB
Raw Blame History

Security Controls and Asset Categories

Use this as a lightweight checklist to keep outputs consistent across teams. Prefer concrete, system-specific items over generic text.

Asset categories (pick only what applies)

  • User data (PII, content, uploads)
  • Authentication artifacts (passwords, tokens, sessions, cookies)
  • Authorization state (roles, policies, ACLs)
  • Secrets and keys (API keys, signing keys, encryption keys)
  • Configuration and feature flags
  • Models and weights (if ML systems)
  • Source code and build artifacts
  • Audit logs and telemetry
  • Availability-critical resources (queues, caches, rate limits, compute budgets)
  • Tenant isolation boundaries and metadata

Security control categories

  • Identity and access: authN, authZ, session handling, mTLS, key rotation
  • Input protection: schema validation, parsing hardening, upload scanning, sandboxing
  • Network safeguards: TLS, network policies, WAF, rate limiting, DoS controls
  • Data protection: encryption at rest/in transit, tokenization, redaction
  • Isolation: process sandboxing, container boundaries, tenant isolation, seccomp
  • Observability: audit logs, alerting, anomaly detection, tamper resistance
  • Supply chain: dependency pinning, SBOMs, provenance, signing
  • Change control: CI checks, deployment approvals, config guardrails

Mitigation phrasing patterns

  • "Enforce schema at for before ."
  • "Require authZ check for on in ."
  • "Isolate <parser/component> in a sandbox with ."
  • "Rate limit by and apply burst caps."
  • "Encrypt at rest using and rotate ."
Reference in New Issue View Git Blame Copy Permalink