STRIDE
STRIDE is a strategy used to create threat models.
It is a mnemonic which we should look at while thinking of threats to the system.
- Spoofing -- Can I perform actions as if I was someone else?
- Tampering -- Can I modify data to my advantage?
- Repudiation -- Can I make it look like someone else is performing my actions?
- Information Disclosure -- Can I get access to data that I should not have access to?
- Denial of Service -- Can I bring the service down in some way?
- Elevation of privileges -- Can I do stuff that I should not be allowed to do?
Backlinks