notes/threat_modelling.md

21 lines
834 B
Markdown
Raw Normal View History

2021-07-27 20:09:23 +00:00
---
author: Alvie Rahman
date: \today
title: Threat Modelling and Designing for Security Notes
2021-08-15 19:44:51 +00:00
tags: [ security ]
2021-07-27 20:09:23 +00:00
---
# Using STRIDE to Find Threats
> STRIDE is a mnemonic for things that go wrong in security
- **Spoofing** is pretending to be something or someone you're not
- **Tampering** is modifying something you're not supposed to
- **Repudiation** is means claiming you didn't do something, regardless of whether you did or not
- **Information Disclosure** is about exposing information to people who are not authorized to see
it
- **Denial of Service** are attacks designed to prevent a system from providing service, including
by crashing it, making it unusably slow, or filling all its storage
- **Elevation of Privilege** is when a program or user is technically able to do things that they're
not supposed to do