create notes on thread modelling

2021-07-27 21:09:23 +01:00 · 2021-07-27 21:09:23 +01:00 · 4d9cde4339
commit 4d9cde4339
parent 49ebcae5ea
1 changed files with 19 additions and 0 deletions
--- a/threat_modelling.md
+++ b/threat_modelling.md
@ -0,0 +1,19 @@
+---
+author: Alvie Rahman
+date: \today
+title: Threat Modelling and Designing for Security Notes
+---
+
+# Using STRIDE to Find Threats
+
+> STRIDE is a mnemonic for things that go wrong in security
+
+- **Spoofing** is pretending to be something or someone you're not
+- **Tampering** is modifying something you're not supposed to
+- **Repudiation** is means claiming you didn't do something, regardless of whether you did or not
+- **Information Disclosure** is about exposing information to people who are not authorized to see
+  it
+- **Denial of Service** are attacks designed to prevent a system from providing service, including
+  by crashing it, making it unusably slow, or filling all its storage
+- **Elevation of Privilege** is when a program or user is technically able to do things that they're
+  not supposed to do