Microsoft developed the STRIDE threat model to assess threats against applications or operating systems. STRIDE is an acronym for the following: Spoofing, Tampering. Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
An attack with the goal of gaining access to a target system through the use of falsified identity.
Any action resulting in unauthorized changes or manipulation of data, whether in transit or in storage.
The ability of a user or attacker to deny having performed an action or activity.
The disclosure or distribution of private or confidential information to external or unauthorized parties.
Denial of Service (DoS)
An attack against availability, that attempts to prevent authorized use of a resource.
Elevation of Privilege
An attack where an account is granted elevated permissions that allow them to perform actions with greater power.