Threat Modeling: STRIDE

Microsoft developed the STRIDE threat model to assess threats against applications or operating systems. STRIDE is an acronym for the following: Spoofing, Tampering. Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Spoofing

An attack with the goal of gaining access to a target system through the use of falsified identity.

Tampering

Any action resulting in unauthorized changes or manipulation of data, whether in transit or in storage.

Repudiation

The ability of a user or attacker to deny having performed an action or activity.

Information Disclosure

The disclosure or distribution of private or confidential information to external or unauthorized parties.

Denial of Service (DoS)

An attack against availability, that attempts to prevent authorized use of a resource.

Elevation of Privilege

An attack where an account is granted elevated permissions that allow them to perform actions with greater power.

The creators who developed the STRIDE model are Praerit Garg and Loren Kohnfelder.

Spoofing

Tampering

Repudiation

Information Disclosure

Denial of Service (DoS)

Elevation of Privilege

What is Data Hiding?

HTTP Status Code 308 – Permanent Redirect

HTTP Status Codes – Explained

HTTP Status Code 202 – Accepted

HTTP Status Code 423 – Locked

What is a Security Policy?

Spoofing

Tampering

Repudiation

Information Disclosure

Denial of Service (DoS)

Elevation of Privilege

Similar Posts