@sylix/coworker 2.0.11 → 2.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/slash/config.d.ts.map +1 -1
- package/dist/commands/slash/config.js +22 -4
- package/dist/commands/slash/config.js.map +1 -1
- package/dist/core/CoWorkerAgent.d.ts.map +1 -1
- package/dist/core/CoWorkerAgent.js +6 -3
- package/dist/core/CoWorkerAgent.js.map +1 -1
- package/dist/skills/defaults/accessibility/screen-reader-testing.md +545 -0
- package/dist/skills/defaults/accessibility/wcag-audit-patterns.md +555 -0
- package/dist/skills/defaults/ai-ml/rag.md +276 -0
- package/dist/skills/defaults/backend-development/api-design-principles.md +528 -0
- package/dist/skills/defaults/backend-development/api-design.md +285 -0
- package/dist/skills/defaults/backend-development/architecture-patterns.md +494 -0
- package/dist/skills/defaults/backend-development/async-python.md +237 -0
- package/dist/skills/defaults/backend-development/auth-implementation-patterns.md +638 -0
- package/dist/skills/defaults/backend-development/bazel-build-optimization.md +387 -0
- package/dist/skills/defaults/backend-development/billing-automation/SKILL.md +566 -0
- package/dist/skills/defaults/backend-development/code-review-excellence.md +538 -0
- package/dist/skills/defaults/backend-development/cqrs-implementation.md +554 -0
- package/dist/skills/defaults/backend-development/database-design.md +305 -0
- package/dist/skills/defaults/backend-development/debugging-strategies.md +536 -0
- package/dist/skills/defaults/backend-development/e2e-testing-patterns.md +544 -0
- package/dist/skills/defaults/backend-development/error-handling-patterns.md +641 -0
- package/dist/skills/defaults/backend-development/fastapi-templates.md +559 -0
- package/dist/skills/defaults/backend-development/fastapi.md +309 -0
- package/dist/skills/defaults/backend-development/git-advanced-workflows.md +405 -0
- package/dist/skills/defaults/backend-development/microservices-patterns.md +595 -0
- package/dist/skills/defaults/backend-development/microservices.md +284 -0
- package/dist/skills/defaults/backend-development/monorepo-management.md +623 -0
- package/dist/skills/defaults/backend-development/nodejs-backend-patterns.md +1048 -0
- package/dist/skills/defaults/backend-development/nx-workspace-patterns.md +457 -0
- package/dist/skills/defaults/backend-development/paypal-integration/SKILL.md +478 -0
- package/dist/skills/defaults/backend-development/pci-compliance/SKILL.md +480 -0
- package/dist/skills/defaults/backend-development/python-anti-patterns.md +349 -0
- package/dist/skills/defaults/backend-development/python-background-jobs.md +364 -0
- package/dist/skills/defaults/backend-development/python-code-style.md +360 -0
- package/dist/skills/defaults/backend-development/python-configuration.md +368 -0
- package/dist/skills/defaults/backend-development/python-design-patterns.md +296 -0
- package/dist/skills/defaults/backend-development/python-error-handling.md +323 -0
- package/dist/skills/defaults/backend-development/python-packaging.md +887 -0
- package/dist/skills/defaults/backend-development/python-performance-optimization.md +874 -0
- package/dist/skills/defaults/backend-development/python-project-structure.md +252 -0
- package/dist/skills/defaults/backend-development/python-resilience.md +376 -0
- package/dist/skills/defaults/backend-development/python-resource-management.md +421 -0
- package/dist/skills/defaults/backend-development/python-type-safety.md +428 -0
- package/dist/skills/defaults/backend-development/sql-optimization-patterns.md +509 -0
- package/dist/skills/defaults/backend-development/stripe-integration/SKILL.md +522 -0
- package/dist/skills/defaults/backend-development/turborepo-caching.md +376 -0
- package/dist/skills/defaults/blockchain/defi-protocol-templates.md +430 -0
- package/dist/skills/defaults/blockchain/nft-standards.md +364 -0
- package/dist/skills/defaults/blockchain/solidity-security.md +514 -0
- package/dist/skills/defaults/blockchain/web3-testing.md +360 -0
- package/dist/skills/defaults/business/competitive-landscape/SKILL.md +527 -0
- package/dist/skills/defaults/business/market-sizing-analysis/SKILL.md +451 -0
- package/dist/skills/defaults/business/startup-financial-modeling/SKILL.md +494 -0
- package/dist/skills/defaults/business/startup-metrics-framework/SKILL.md +564 -0
- package/dist/skills/defaults/business/team-composition-analysis.md +437 -0
- package/dist/skills/defaults/compliance/employment-contract-templates/SKILL.md +527 -0
- package/dist/skills/defaults/compliance/gdpr-data-handling/SKILL.md +630 -0
- package/dist/skills/defaults/data-engineering/airflow-dag-patterns.md +436 -0
- package/dist/skills/defaults/data-engineering/airflow.md +519 -0
- package/dist/skills/defaults/data-engineering/data-quality.md +583 -0
- package/dist/skills/defaults/data-engineering/dbt-transformation-patterns.md +482 -0
- package/dist/skills/defaults/data-engineering/dbt.md +556 -0
- package/dist/skills/defaults/data-engineering/ml-pipeline-workflow/SKILL.md +247 -0
- package/dist/skills/defaults/data-engineering/spark-optimization.md +348 -0
- package/dist/skills/defaults/data-engineering/spark.md +411 -0
- package/dist/skills/defaults/database/postgresql.md +202 -0
- package/dist/skills/defaults/debugging/systematic-debugging.md +249 -0
- package/dist/skills/defaults/devops/architecture-decision-records.md +448 -0
- package/dist/skills/defaults/devops/changelog-automation.md +580 -0
- package/dist/skills/defaults/devops/cicd.md +314 -0
- package/dist/skills/defaults/devops/cloud.md +263 -0
- package/dist/skills/defaults/devops/code-review-excellence.md +299 -0
- package/dist/skills/defaults/devops/cost-optimization.md +295 -0
- package/dist/skills/defaults/devops/deployment-pipeline-design.md +356 -0
- package/dist/skills/defaults/devops/docker.md +281 -0
- package/dist/skills/defaults/devops/git-workflows.md +205 -0
- package/dist/skills/defaults/devops/github-actions.md +311 -0
- package/dist/skills/defaults/devops/gitlab-ci-patterns.md +266 -0
- package/dist/skills/defaults/devops/hybrid-cloud-networking.md +241 -0
- package/dist/skills/defaults/devops/istio-traffic-management.md +327 -0
- package/dist/skills/defaults/devops/kubernetes.md +339 -0
- package/dist/skills/defaults/devops/linkerd-patterns.md +311 -0
- package/dist/skills/defaults/devops/multi-cloud-architecture.md +181 -0
- package/dist/skills/defaults/devops/observability.md +243 -0
- package/dist/skills/defaults/devops/openapi-spec-generation.md +1024 -0
- package/dist/skills/defaults/devops/postmortem-writing.md +396 -0
- package/dist/skills/defaults/devops/prometheus-configuration.md +265 -0
- package/dist/skills/defaults/devops/secrets-management.md +341 -0
- package/dist/skills/defaults/devops/service-mesh-observability.md +385 -0
- package/dist/skills/defaults/devops/terraform-module-library.md +244 -0
- package/dist/skills/defaults/finance/backtesting-frameworks/SKILL.md +663 -0
- package/dist/skills/defaults/finance/risk-metrics-calculation/SKILL.md +557 -0
- package/dist/skills/defaults/frontend/accessibility-compliance.md +420 -0
- package/dist/skills/defaults/frontend/design-system-patterns.md +337 -0
- package/dist/skills/defaults/frontend/interaction-design.md +327 -0
- package/dist/skills/defaults/frontend/javascript.md +311 -0
- package/dist/skills/defaults/frontend/modern-javascript-patterns.md +927 -0
- package/dist/skills/defaults/frontend/react-native-design.md +440 -0
- package/dist/skills/defaults/frontend/react.md +345 -0
- package/dist/skills/defaults/frontend/responsive-design.md +472 -0
- package/dist/skills/defaults/frontend/tailwind-design-system.md +337 -0
- package/dist/skills/defaults/frontend/typescript-advanced-types.md +724 -0
- package/dist/skills/defaults/frontend/typescript.md +334 -0
- package/dist/skills/defaults/frontend/visual-design-foundations.md +326 -0
- package/dist/skills/defaults/frontend/web-component-design.md +279 -0
- package/dist/skills/defaults/game-development/godot-gdscript-patterns.md +188 -0
- package/dist/skills/defaults/game-development/unity-ecs-patterns.md +594 -0
- package/dist/skills/defaults/kubernetes/gitops-workflow.md +285 -0
- package/dist/skills/defaults/kubernetes/gitops.md +280 -0
- package/dist/skills/defaults/kubernetes/helm-chart-scaffolding.md +553 -0
- package/dist/skills/defaults/kubernetes/helm.md +343 -0
- package/dist/skills/defaults/kubernetes/k8s-manifest-generator.md +501 -0
- package/dist/skills/defaults/kubernetes/k8s-security-policies.md +342 -0
- package/dist/skills/defaults/kubernetes/manifests.md +330 -0
- package/dist/skills/defaults/kubernetes/security.md +337 -0
- package/dist/skills/defaults/llm-application/embedding-strategies.md +608 -0
- package/dist/skills/defaults/llm-application/hybrid-search-implementation.md +570 -0
- package/dist/skills/defaults/llm-application/hybrid-search.md +570 -0
- package/dist/skills/defaults/llm-application/langchain-architecture.md +666 -0
- package/dist/skills/defaults/llm-application/langchain.md +259 -0
- package/dist/skills/defaults/llm-application/llm-evaluation.md +695 -0
- package/dist/skills/defaults/llm-application/prompt-engineering-patterns.md +449 -0
- package/dist/skills/defaults/llm-application/prompt-engineering.md +219 -0
- package/dist/skills/defaults/llm-application/rag-implementation.md +434 -0
- package/dist/skills/defaults/llm-application/similarity-search-patterns.md +560 -0
- package/dist/skills/defaults/llm-application/similarity-search.md +560 -0
- package/dist/skills/defaults/llm-application/vector-index-tuning.md +523 -0
- package/dist/skills/defaults/mobile/mobile-android-design.md +440 -0
- package/dist/skills/defaults/mobile/mobile-ios-design.md +266 -0
- package/dist/skills/defaults/monitoring/distributed-tracing.md +436 -0
- package/dist/skills/defaults/monitoring/grafana-dashboards.md +370 -0
- package/dist/skills/defaults/monitoring/prometheus-configuration.md +379 -0
- package/dist/skills/defaults/monitoring/slo-implementation.md +323 -0
- package/dist/skills/defaults/refactoring/code-refactoring.md +349 -0
- package/dist/skills/defaults/security/anti-reversing-techniques/SKILL.md +559 -0
- package/dist/skills/defaults/security/auditor.md +168 -0
- package/dist/skills/defaults/security/binary-analysis-patterns/SKILL.md +438 -0
- package/dist/skills/defaults/security/memory-forensics/SKILL.md +483 -0
- package/dist/skills/defaults/security/mtls-configuration.md +349 -0
- package/dist/skills/defaults/security/protocol-reverse-engineering/SKILL.md +520 -0
- package/dist/skills/defaults/security/sast-configuration.md +182 -0
- package/dist/skills/defaults/security/security.md +313 -0
- package/dist/skills/defaults/security/stride-analysis.md +273 -0
- package/dist/skills/defaults/security/threat-mitigation-mapping.md +290 -0
- package/dist/skills/defaults/systems/bash-defensive-patterns/SKILL.md +539 -0
- package/dist/skills/defaults/systems/bats-testing-patterns/SKILL.md +631 -0
- package/dist/skills/defaults/systems/go-concurrency-patterns.md +657 -0
- package/dist/skills/defaults/systems/memory-safety-patterns.md +605 -0
- package/dist/skills/defaults/systems/rust-async-patterns.md +519 -0
- package/dist/skills/defaults/systems/shellcheck-configuration/SKILL.md +456 -0
- package/dist/skills/defaults/team-collaboration/multi-reviewer-patterns.md +126 -0
- package/dist/skills/defaults/team-collaboration/parallel-feature-development.md +151 -0
- package/dist/skills/defaults/testing/javascript-testing-patterns.md +1021 -0
- package/dist/skills/defaults/testing/python-testing-patterns.md +351 -0
- package/dist/skills/defaults/testing/testing.md +332 -0
- package/dist/skills/defaults/workflows/context-driven-development.md +384 -0
- package/dist/skills/defaults/workflows/track-management.md +592 -0
- package/dist/skills/defaults/workflows/workflow-patterns.md +622 -0
- package/dist/skills/index.d.ts +11 -0
- package/dist/skills/index.d.ts.map +1 -0
- package/dist/skills/index.js +129 -0
- package/dist/skills/index.js.map +1 -0
- package/dist/utils/character.js +4 -4
- package/dist/utils/character.js.map +1 -1
- package/dist/utils/inputbar.d.ts.map +1 -1
- package/dist/utils/inputbar.js +7 -0
- package/dist/utils/inputbar.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,290 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: threat-mitigation-mapping
|
|
3
|
+
description: Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Threat Mitigation Mapping
|
|
7
|
+
|
|
8
|
+
Connect threats to controls for effective security planning.
|
|
9
|
+
|
|
10
|
+
## When to Use This Skill
|
|
11
|
+
|
|
12
|
+
- Prioritizing security investments
|
|
13
|
+
- Creating remediation roadmaps
|
|
14
|
+
- Validating control coverage
|
|
15
|
+
- Designing defense-in-depth
|
|
16
|
+
- Security architecture review
|
|
17
|
+
- Risk treatment planning
|
|
18
|
+
|
|
19
|
+
## Core Concepts
|
|
20
|
+
|
|
21
|
+
### 1. Control Categories
|
|
22
|
+
|
|
23
|
+
```
|
|
24
|
+
Preventive ────► Stop attacks before they occur
|
|
25
|
+
│ (Firewall, Input validation)
|
|
26
|
+
│
|
|
27
|
+
Detective ─────► Identify attacks in progress
|
|
28
|
+
│ (IDS, Log monitoring)
|
|
29
|
+
│
|
|
30
|
+
Corrective ────► Respond and recover from attacks
|
|
31
|
+
(Incident response, Backup restore)
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
### 2. Control Layers
|
|
35
|
+
|
|
36
|
+
| Layer | Examples |
|
|
37
|
+
| --------------- | ------------------------------------ |
|
|
38
|
+
| **Network** | Firewall, WAF, DDoS protection |
|
|
39
|
+
| **Application** | Input validation, authentication |
|
|
40
|
+
| **Data** | Encryption, access controls |
|
|
41
|
+
| **Endpoint** | EDR, patch management |
|
|
42
|
+
| **Process** | Security training, incident response |
|
|
43
|
+
|
|
44
|
+
### 3. Defense in Depth
|
|
45
|
+
|
|
46
|
+
```
|
|
47
|
+
┌──────────────────────┐
|
|
48
|
+
│ Perimeter │ ← Firewall, WAF
|
|
49
|
+
│ ┌──────────────┐ │
|
|
50
|
+
│ │ Network │ │ ← Segmentation, IDS
|
|
51
|
+
│ │ ┌────────┐ │ │
|
|
52
|
+
│ │ │ Host │ │ │ ← EDR, Hardening
|
|
53
|
+
│ │ │ ┌────┐ │ │ │ ← Auth, Validation
|
|
54
|
+
│ │ │ │App │ │ │ │
|
|
55
|
+
│ │ │ │Data│ │ │ │ ← Encryption
|
|
56
|
+
│ │ │ └────┘ │ │ │
|
|
57
|
+
│ │ └────────┘ │ │
|
|
58
|
+
└──────────────────────┘
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
## Templates
|
|
62
|
+
|
|
63
|
+
### Template 1: Standard Security Controls
|
|
64
|
+
|
|
65
|
+
```python
|
|
66
|
+
class ControlType(Enum):
|
|
67
|
+
PREVENTIVE = "preventive"
|
|
68
|
+
DETECTIVE = "detective"
|
|
69
|
+
CORRECTIVE = "corrective"
|
|
70
|
+
|
|
71
|
+
class ControlLayer(Enum):
|
|
72
|
+
NETWORK = "network"
|
|
73
|
+
APPLICATION = "application"
|
|
74
|
+
DATA = "data"
|
|
75
|
+
ENDPOINT = "endpoint"
|
|
76
|
+
PROCESS = "process"
|
|
77
|
+
|
|
78
|
+
# Control Library
|
|
79
|
+
|
|
80
|
+
CONTROLS = {
|
|
81
|
+
# Authentication Controls
|
|
82
|
+
"AUTH-001": {
|
|
83
|
+
"name": "Multi-Factor Authentication",
|
|
84
|
+
"description": "Require MFA for all user authentication",
|
|
85
|
+
"type": ControlType.PREVENTIVE,
|
|
86
|
+
"layer": ControlLayer.APPLICATION,
|
|
87
|
+
"effectiveness": Effectiveness.HIGH,
|
|
88
|
+
"mitigates": ["SPOOFING"],
|
|
89
|
+
},
|
|
90
|
+
"AUTH-002": {
|
|
91
|
+
"name": "Account Lockout Policy",
|
|
92
|
+
"description": "Lock accounts after failed authentication attempts",
|
|
93
|
+
"type": ControlType.PREVENTIVE,
|
|
94
|
+
"layer": ControlLayer.APPLICATION,
|
|
95
|
+
"effectiveness": Effectiveness.MEDIUM,
|
|
96
|
+
"mitigates": ["SPOOFING"],
|
|
97
|
+
},
|
|
98
|
+
|
|
99
|
+
# Input Validation Controls
|
|
100
|
+
"VAL-001": {
|
|
101
|
+
"name": "Input Validation Framework",
|
|
102
|
+
"description": "Validate and sanitize all user input",
|
|
103
|
+
"type": ControlType.PREVENTIVE,
|
|
104
|
+
"layer": ControlLayer.APPLICATION,
|
|
105
|
+
"effectiveness": Effectiveness.HIGH,
|
|
106
|
+
"mitigates": ["TAMPERING", "INJECTION"],
|
|
107
|
+
},
|
|
108
|
+
"VAL-002": {
|
|
109
|
+
"name": "Web Application Firewall",
|
|
110
|
+
"description": "Deploy WAF to filter malicious requests",
|
|
111
|
+
"type": ControlType.PREVENTIVE,
|
|
112
|
+
"layer": ControlLayer.NETWORK,
|
|
113
|
+
"effectiveness": Effectiveness.MEDIUM,
|
|
114
|
+
"mitigates": ["TAMPERING", "INJECTION", "DOS"],
|
|
115
|
+
},
|
|
116
|
+
|
|
117
|
+
# Encryption Controls
|
|
118
|
+
"ENC-001": {
|
|
119
|
+
"name": "Data Encryption at Rest",
|
|
120
|
+
"description": "Encrypt sensitive data in storage",
|
|
121
|
+
"type": ControlType.PREVENTIVE,
|
|
122
|
+
"layer": ControlLayer.DATA,
|
|
123
|
+
"effectiveness": Effectiveness.HIGH,
|
|
124
|
+
"mitigates": ["INFORMATION_DISCLOSURE"],
|
|
125
|
+
},
|
|
126
|
+
"ENC-002": {
|
|
127
|
+
"name": "TLS Encryption",
|
|
128
|
+
"description": "Encrypt data in transit using TLS 1.3",
|
|
129
|
+
"type": ControlType.PREVENTIVE,
|
|
130
|
+
"layer": ControlLayer.NETWORK,
|
|
131
|
+
"effectiveness": Effectiveness.HIGH,
|
|
132
|
+
"mitigates": ["INFORMATION_DISCLOSURE", "TAMPERING"],
|
|
133
|
+
},
|
|
134
|
+
|
|
135
|
+
# Logging Controls
|
|
136
|
+
"LOG-001": {
|
|
137
|
+
"name": "Security Event Logging",
|
|
138
|
+
"description": "Log all security-relevant events",
|
|
139
|
+
"type": ControlType.DETECTIVE,
|
|
140
|
+
"layer": ControlLayer.APPLICATION,
|
|
141
|
+
"effectiveness": Effectiveness.MEDIUM,
|
|
142
|
+
"mitigates": ["REPUDIATION"],
|
|
143
|
+
},
|
|
144
|
+
|
|
145
|
+
# Access Control
|
|
146
|
+
"ACC-001": {
|
|
147
|
+
"name": "Role-Based Access Control",
|
|
148
|
+
"description": "Implement RBAC for authorization",
|
|
149
|
+
"type": ControlType.PREVENTIVE,
|
|
150
|
+
"layer": ControlLayer.APPLICATION,
|
|
151
|
+
"effectiveness": Effectiveness.HIGH,
|
|
152
|
+
"mitigates": ["ELEVATION_OF_PRIVILEGE", "INFORMATION_DISCLOSURE"],
|
|
153
|
+
},
|
|
154
|
+
|
|
155
|
+
# Availability Controls
|
|
156
|
+
"AVL-001": {
|
|
157
|
+
"name": "Rate Limiting",
|
|
158
|
+
"description": "Limit request rates to prevent abuse",
|
|
159
|
+
"type": ControlType.PREVENTIVE,
|
|
160
|
+
"layer": ControlLayer.APPLICATION,
|
|
161
|
+
"effectiveness": Effectiveness.MEDIUM,
|
|
162
|
+
"mitigates": ["DENIAL_OF_SERVICE"],
|
|
163
|
+
},
|
|
164
|
+
}
|
|
165
|
+
```
|
|
166
|
+
|
|
167
|
+
### Template 2: Threat to Control Mapping
|
|
168
|
+
|
|
169
|
+
```python
|
|
170
|
+
# Example: SQL Injection threat mapping
|
|
171
|
+
threat_mapping = {
|
|
172
|
+
"SQL_INJECTION": {
|
|
173
|
+
"threat": "SQL Injection Attack",
|
|
174
|
+
"impact": "Critical",
|
|
175
|
+
"controls": [
|
|
176
|
+
{
|
|
177
|
+
"id": "VAL-001",
|
|
178
|
+
"status": "implemented",
|
|
179
|
+
"notes": "Parameterized queries throughout"
|
|
180
|
+
},
|
|
181
|
+
{
|
|
182
|
+
"id": "VAL-002",
|
|
183
|
+
"status": "implemented",
|
|
184
|
+
"notes": "WAF with SQL injection rules"
|
|
185
|
+
},
|
|
186
|
+
{
|
|
187
|
+
"id": "LOG-001",
|
|
188
|
+
"status": "implemented",
|
|
189
|
+
"notes": "All queries logged"
|
|
190
|
+
}
|
|
191
|
+
],
|
|
192
|
+
"residual_risk": "Low"
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
```
|
|
196
|
+
|
|
197
|
+
### Template 3: Mitigation Analysis
|
|
198
|
+
|
|
199
|
+
```python
|
|
200
|
+
def analyze_coverage(mapping):
|
|
201
|
+
"""Calculate control coverage for a threat."""
|
|
202
|
+
if not mapping["controls"]:
|
|
203
|
+
return 0.0
|
|
204
|
+
|
|
205
|
+
effectiveness_scores = {
|
|
206
|
+
"LOW": 1,
|
|
207
|
+
"MEDIUM": 2,
|
|
208
|
+
"HIGH": 3,
|
|
209
|
+
"VERY_HIGH": 4
|
|
210
|
+
}
|
|
211
|
+
|
|
212
|
+
status_multiplier = {
|
|
213
|
+
"not_implemented": 0.0,
|
|
214
|
+
"partial": 0.5,
|
|
215
|
+
"implemented": 0.8,
|
|
216
|
+
"verified": 1.0
|
|
217
|
+
}
|
|
218
|
+
|
|
219
|
+
total_score = 0
|
|
220
|
+
for control in mapping["controls"]:
|
|
221
|
+
# Get control effectiveness
|
|
222
|
+
effect = effectiveness_scores.get(CONTROLS[control["id"]]["effectiveness"], 1)
|
|
223
|
+
status = status_multiplier.get(control["status"], 0)
|
|
224
|
+
total_score += effect * status
|
|
225
|
+
|
|
226
|
+
max_possible = len(mapping["controls"]) * 4
|
|
227
|
+
return (total_score / max_possible) * 100
|
|
228
|
+
```
|
|
229
|
+
|
|
230
|
+
### Template 4: Implementation Roadmap
|
|
231
|
+
|
|
232
|
+
```python
|
|
233
|
+
def generate_roadmap(threats, controls):
|
|
234
|
+
"""Generate prioritized implementation roadmap."""
|
|
235
|
+
roadmap = []
|
|
236
|
+
|
|
237
|
+
# Phase 1: Critical threats
|
|
238
|
+
critical = [t for t in threats if t["impact"] == "Critical"]
|
|
239
|
+
for threat in critical:
|
|
240
|
+
# Find missing controls
|
|
241
|
+
for control in get_controls_for_threat(threat["category"]):
|
|
242
|
+
if control["status"] != "implemented":
|
|
243
|
+
roadmap.append({
|
|
244
|
+
"phase": 1,
|
|
245
|
+
"priority": "Critical",
|
|
246
|
+
"threat": threat["name"],
|
|
247
|
+
"control": control["name"]
|
|
248
|
+
})
|
|
249
|
+
|
|
250
|
+
# Phase 2: High threats
|
|
251
|
+
high = [t for t in threats if t["impact"] == "High"]
|
|
252
|
+
# Similar logic...
|
|
253
|
+
|
|
254
|
+
return roadmap
|
|
255
|
+
```
|
|
256
|
+
|
|
257
|
+
## Best Practices
|
|
258
|
+
|
|
259
|
+
### Do's
|
|
260
|
+
|
|
261
|
+
- **Map all threats** - No threat should be unmapped
|
|
262
|
+
- **Layer controls** - Defense in depth is essential
|
|
263
|
+
- **Mix control types** - Preventive, detective, corrective
|
|
264
|
+
- **Track effectiveness** - Measure and improve
|
|
265
|
+
- **Review regularly** - Controls degrade over time
|
|
266
|
+
|
|
267
|
+
### Don'ts
|
|
268
|
+
|
|
269
|
+
- **Don't rely on single controls** - Single points of failure
|
|
270
|
+
- **Don't ignore cost** - ROI matters
|
|
271
|
+
- **Don't skip testing** - Untested controls may fail
|
|
272
|
+
- **Don't set and forget** - Continuous improvement
|
|
273
|
+
- **Don't ignore people/process** - Technology alone isn't enough
|
|
274
|
+
|
|
275
|
+
## Common Control Mappings
|
|
276
|
+
|
|
277
|
+
| Threat | Primary Controls | Secondary Controls |
|
|
278
|
+
|--------|-----------------|-------------------|
|
|
279
|
+
| SQL Injection | Input validation, Parameterized queries | WAF, Least privilege |
|
|
280
|
+
| XSS | Output encoding, CSP | WAF, Input validation |
|
|
281
|
+
| CSRF | CSRF tokens | Same-site cookies |
|
|
282
|
+
| Auth bypass | MFA, Session management | Rate limiting, Logging |
|
|
283
|
+
| Data breach | Encryption, Access controls | DLP, Monitoring |
|
|
284
|
+
| DDoS | Rate limiting, CDN | DDoS protection, Scaling |
|
|
285
|
+
|
|
286
|
+
## Related Skills
|
|
287
|
+
|
|
288
|
+
- `stride-analysis` - For threat identification
|
|
289
|
+
- `sast-configuration` - For security scanning
|
|
290
|
+
- `security` - For general security practices
|