Stats

Actions

Tags

Help us improve

Share bugs, ideas, or general feedback.

security-architecture | quality-attributes

Skill

security-architecture

From quality-attributes

Design security architecture covering authentication, authorization, data protection, and threat models. Use when building security-critical systems.

$

npx claudepluginhub sethdford/claude-skills --plugin architect-quality-attributes

Popularity

Parent stars

13

Parent forks

2

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/quality-attributes:security-architecture

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Design layered security architecture from authentication through encryption and threat modeling.

SKILL.md

48 lines · ~674 tokens

Similar Skills

oracle-security

25

Provides security architecture guidance and threat modeling using STRIDE. Auto-activates for authentication, authorization, untrusted data, external integrations, and file uploads.

2 files

reviewing-security-architecture

103

This skill should be used when the user asks to "review the security architecture", "check authentication patterns", "evaluate trust boundaries", "review encryption implementation", "assess authorization design", or needs to evaluate system designs for authentication, authorization, data protection, or cryptographic correctness.

2 files

bitwarden-security-engineer

nw-security-by-design

500

Provides OWASP security design principles, STRIDE threat modeling, and architectural mitigations. Use when designing systems or reviewing architecture for security.

Stats

Parent stars13

Parent forks2

MaintenanceFair

Last CommitMar 11, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Security Architecture

Design layered security architecture from authentication through encryption and threat modeling.

Context

You are designing security for a system. The user handles sensitive data or faces regulatory requirements. Read their threat model and compliance needs.

Domain Context

Based on OWASP, NIST, and zero-trust architecture principles:

Defense in Depth: Multiple layers of security; one breach doesn't expose everything
Least Privilege: Every component has minimum necessary permissions
Zero Trust: Never trust, always verify; authenticate and authorize every request
Encryption in Transit & at Rest: Prevent eavesdropping and unauthorized access
Audit Trails: Every security-relevant action logged for forensics

Instructions

Threat Model: Identify assets (data, functions), threats (unauthorized access, data leakage), and mitigations. Use STRIDE framework.
Design Authentication: Specify identity verification. Options: username/password (weakest), OAuth2 (better), mTLS (strongest). Support multi-factor authentication (MFA).
Design Authorization: Specify access control. Role-based access control (RBAC) or attribute-based (ABAC)? Who can read/write/delete which resources?
Protect Data: Data at rest: encrypt database and backups. Data in transit: use TLS 1.2+. Keys: use KMS (Key Management Service), never hardcode.
Audit & Monitor: Log all security-relevant actions. Monitor for suspicious patterns (brute force, unusual access patterns). Alert on threshold violations.

Anti-Patterns

Security as Afterthought: Build system, add security later. Result: pervasive vulnerabilities. Guard: Security architecture defined during design phase.
Assuming HTTPS is Enough: Encrypt traffic but not database. Result: database breach exposes data. Guard: Encrypt data at rest independently of TLS.
Hardcoding Secrets: API keys, passwords in code. Result: exposure in logs, backups, repositories. Guard: Use KMS or secret management service for all secrets.
No Audit Trail: Can't investigate breaches. Guard: Log all auth, authz, and data access decisions. Immutable audit log.

Further Reading

Threat Modeling by Adam Shostack — STRIDE framework and threat identification
Web Application Security by Andrew Hoffman — practical defense strategies
NIST Cybersecurity Framework — comprehensive security controls and maturity model