2021-07-27 20:09:23 +00:00
|
|
|
---
|
|
|
|
author: Alvie Rahman
|
|
|
|
date: \today
|
|
|
|
title: Threat Modelling and Designing for Security Notes
|
2021-08-15 19:44:51 +00:00
|
|
|
tags: [ security ]
|
2021-07-27 20:09:23 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
# Using STRIDE to Find Threats
|
|
|
|
|
|
|
|
> STRIDE is a mnemonic for things that go wrong in security
|
|
|
|
|
|
|
|
- **Spoofing** is pretending to be something or someone you're not
|
|
|
|
- **Tampering** is modifying something you're not supposed to
|
|
|
|
- **Repudiation** is means claiming you didn't do something, regardless of whether you did or not
|
|
|
|
- **Information Disclosure** is about exposing information to people who are not authorized to see
|
|
|
|
it
|
|
|
|
- **Denial of Service** are attacks designed to prevent a system from providing service, including
|
|
|
|
by crashing it, making it unusably slow, or filling all its storage
|
|
|
|
- **Elevation of Privilege** is when a program or user is technically able to do things that they're
|
|
|
|
not supposed to do
|