20 lines
815 B
Markdown
20 lines
815 B
Markdown
|
---
|
||
|
author: Alvie Rahman
|
||
|
date: \today
|
||
|
title: Threat Modelling and Designing for Security Notes
|
||
|
---
|
||
|
|
||
|
# Using STRIDE to Find Threats
|
||
|
|
||
|
> STRIDE is a mnemonic for things that go wrong in security
|
||
|
|
||
|
- **Spoofing** is pretending to be something or someone you're not
|
||
|
- **Tampering** is modifying something you're not supposed to
|
||
|
- **Repudiation** is means claiming you didn't do something, regardless of whether you did or not
|
||
|
- **Information Disclosure** is about exposing information to people who are not authorized to see
|
||
|
it
|
||
|
- **Denial of Service** are attacks designed to prevent a system from providing service, including
|
||
|
by crashing it, making it unusably slow, or filling all its storage
|
||
|
- **Elevation of Privilege** is when a program or user is technically able to do things that they're
|
||
|
not supposed to do
|