create notes on thread modelling
This commit is contained in:
parent
49ebcae5ea
commit
4d9cde4339
GPG Key ID:
20609519444A1269
19
threat_modelling.md
Executable file
19
threat_modelling.md
Executable file
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
author: Alvie Rahman
|
||||||
|
date: \today
|
||||||
|
title: Threat Modelling and Designing for Security Notes
|
||||||
|
---
|
||||||
|
|
||||||
|
# Using STRIDE to Find Threats
|
||||||
|
|
||||||
|
> STRIDE is a mnemonic for things that go wrong in security
|
||||||
|
|
||||||
|
- **Spoofing** is pretending to be something or someone you're not
|
||||||
|
- **Tampering** is modifying something you're not supposed to
|
||||||
|
- **Repudiation** is means claiming you didn't do something, regardless of whether you did or not
|
||||||
|
- **Information Disclosure** is about exposing information to people who are not authorized to see
|
||||||
|
it
|
||||||
|
- **Denial of Service** are attacks designed to prevent a system from providing service, including
|
||||||
|
by crashing it, making it unusably slow, or filling all its storage
|
||||||
|
- **Elevation of Privilege** is when a program or user is technically able to do things that they're
|
||||||
|
not supposed to do
|
||||||
Loading…
Reference in New Issue
Block a user