notes/threat_modelling.md

| author | date | title |
| --- | --- | --- |
| Alvie Rahman | \today | Threat Modelling and Designing for Security Notes |

Using STRIDE to Find Threats

STRIDE is a mnemonic for things that go wrong in security:

  • Spoofing is pretending to be something or someone you're not
  • Tampering is modifying something you're not supposed to
  • Repudiation is claiming you didn't do something, regardless of whether you did or not
  • Information Disclosure is about exposing information to people who are not authorized to see it
  • Denial of Service covers attacks designed to prevent a system from providing service, including by crashing it, making it unusably slow, or filling all its storage
  • Elevation of Privilege is when a program or user is technically able to do things that they're not supposed to do