STRIDE

STRIDE is a strategy used to create threat models.

It is a mnemonic to work through when thinking about threats to a system:

  • Spoofing -- Can I perform actions as if I were someone else?
  • Tampering -- Can I modify data to my advantage?
  • Repudiation -- Can I make it look like someone else is performing my actions?
  • Information Disclosure -- Can I get access to data that I should not have access to?
  • Denial of Service -- Can I bring the service down in some way?
  • Elevation of Privilege -- Can I do stuff that I should not be allowed to do?
