Many Security Evangelists use the STRIDE Model for Threat Modeling an Application
Spoofing user identity - Spoofing threats are usually associated with a wily hacker being able to impersonate a valid system user or resource to get access to the system and thereby compromise system security.
Tampering with data - Tampering with data involves the malicious modification of system or user data with or without detection.
Repudiation - Repudiation threats are associated with users—malicious or otherwise—who can deny performing an action without administrators having any way to prove otherwise. An example of a repudiation threat is a user performing an illegal operation in a system that lacks the ability to trace such operations.
Information Disclosure - Information disclosure threats involve the compromising of private or business-critical information through the exposure of that information to individuals who are not supposed to see it.
Denial of service - Denial of service (DoS) threats, when carried out, deny service to valid users—for example, by making the system temporarily unavailable or unusable or by forcing a reboot or restart of the user’s machine.
Elevation of privilege - In this type of threat, an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system.
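As an added illustration, not part of the original post, here is a small Python script that applies the six categories above the way the STRIDE-per-element chart from the Microsoft SDL does, going a step beyond the post by mapping each category onto the kinds of element found in a data-flow diagram and flagging flows that cross a trust boundary. The three-tier model it enumerates is constructed for the example.

```python
from dataclasses import dataclass

# The six STRIDE categories as the post lists them.
STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# STRIDE-per-element chart (Microsoft SDL): which categories normally apply
# to each kind of data-flow-diagram element. Repudiation is added to a data
# store only when it holds audit logs (see enumerate_threats).
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TID", "data_flow": "TID"}

@dataclass
class Element:
    name: str
    kind: str          # "external_entity", "process" or "data_store"
    trust_zone: str    # e.g. "internet", "dmz", "internal"
    holds_logs: bool = False

@dataclass
class Flow:
    name: str
    src: Element
    dst: Element

def enumerate_threats(elements, flows):
    """Return (target, category, priority) triples. A flow that crosses a
    trust boundary is marked 'high': that is where an outsider can reach it."""
    threats = []
    for e in elements:
        cats = APPLICABLE[e.kind] + ("R" if e.kind == "data_store" and e.holds_logs else "")
        threats += [(e.name, STRIDE[c], "normal") for c in cats]
    for f in flows:
        prio = "high" if f.src.trust_zone != f.dst.trust_zone else "normal"
        threats += [(f.name, STRIDE[c], prio) for c in APPLICABLE["data_flow"]]
    return threats

def example_model():
    # Constructed three-tier DFD for this example, not taken from the post.
    browser = Element("browser", "external_entity", "internet")
    web = Element("web app", "process", "dmz")
    db = Element("database", "data_store", "internal")
    audit = Element("audit log", "data_store", "dmz", holds_logs=True)
    flows = [Flow("browser->web app", browser, web),
             Flow("web app->database", web, db),
             Flow("web app->audit log", web, audit)]
    return enumerate_threats([browser, web, db, audit], flows)

if __name__ == "__main__":
    for target, cat, prio in example_model():
        print(f"{prio:6} {target:20} {cat}")
```

Each triple the script emits is a threat to write a mitigation for; the "high" flows are the ones to review first, since they are reachable from a less trusted zone.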