From 4d9cde4339af0caa9d5b1de5b8be022b38a80569 Mon Sep 17 00:00:00 2001 From: Alvie Rahman Date: Tue, 27 Jul 2021 21:09:23 +0100 Subject: [PATCH] create notes on thread modelling --- threat_modelling.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100755 threat_modelling.md diff --git a/threat_modelling.md b/threat_modelling.md new file mode 100755 index 0000000..613c1a2 --- /dev/null +++ b/threat_modelling.md @@ -0,0 +1,19 @@ +--- +author: Alvie Rahman +date: \today +title: Threat Modelling and Designing for Security Notes +--- + +# Using STRIDE to Find Threats + +> STRIDE is a mnemonic for things that go wrong in security + +- **Spoofing** is pretending to be something or someone you're not +- **Tampering** is modifying something you're not supposed to +- **Repudiation** is means claiming you didn't do something, regardless of whether you did or not +- **Information Disclosure** is about exposing information to people who are not authorized to see + it +- **Denial of Service** are attacks designed to prevent a system from providing service, including + by crashing it, making it unusably slow, or filling all its storage +- **Elevation of Privilege** is when a program or user is technically able to do things that they're + not supposed to do