• [Threat Modeling: uncover vulnerabilities without looking at code](https://www.youtube.com/watch?v=Fmp9UFjPiJs)

STRIDE

Reference: [Wiki](https://en.wikipedia.org/wiki/STRIDE_(security))

Description:

  • Spoofing: Pretending to be someone you are not
  • Tampering: Modifying Data
  • Repudiation: “I didn’t do it, nobody saw me do it, can’t prove anything”
  • Information Disclosure: Leakage of Information that should be private
  • Denial of Service: Stopping something from working or responding
  • Elevation of Privilege: Upgrading from user to administrator access

Mitigation Perspective:

  • Spoofing: Strong authentication
  • Tampering: Encryption
  • Repudiation: Strong authentication and authorization
  • Information Disclosure: Encryption
  • Denial of Service: Resilience
  • Elevation of Privilege: Authorization
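The two lists above give the vocabulary; the way STRIDE is actually applied is "STRIDE-per-element": draw a data-flow diagram (DFD), and for each element ask which of the six categories apply, with flows that cross a trust boundary reviewed first. The script below is an added example (not code from the linked talk or the Wikipedia article) that does that enumeration over a small constructed DFD. The category descriptions and the mitigation-per-category table are taken from the notes above; the applicability chart (external entity: S,R; process: all six; data store: T,I,D plus R for audit logs; data flow: T,I,D) is the standard Microsoft/Shostack chart. Element names, trust zones and flows in the sample are assumptions made up for the example. One caveat a practitioner should keep in mind, carried as a comment in the code: encryption by itself hides data (Information Disclosure) but does not detect modification, so the Tampering mitigation in practice means authenticated encryption or a MAC/signature.

```python
"""Added example: STRIDE-per-element enumeration over a constructed data-flow diagram."""
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# Mitigation perspective exactly as listed in the notes above.
# Caveat: encryption alone does not detect tampering; to mitigate Tampering the
# encryption must be authenticated (AES-GCM) or paired with a MAC/signature.
MITIGATIONS = {
    "Spoofing": "Strong authentication",
    "Tampering": "Encryption",
    "Repudiation": "Strong authentication and authorization",
    "Information Disclosure": "Encryption",
    "Denial of Service": "Resilience",
    "Elevation of Privilege": "Authorization",
}

# STRIDE-per-element chart: which categories apply to which DFD element kind.
APPLICABLE = {
    "external": "SR",
    "process": "STRIDE",
    "datastore": "TID",  # "R" is added below when the store holds audit logs
    "dataflow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str         # "external", "process" or "datastore"
    trust_zone: str   # elements in different zones are separated by a trust boundary
    holds_logs: bool = False


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    mitigation: str
    crosses_boundary: bool


def enumerate_threats(elements, flows):
    """Return the STRIDE threat list for a DFD, boundary-crossing flows first."""
    by_name = {}
    for e in elements:
        if e.kind not in ("external", "process", "datastore"):
            raise ValueError(f"unknown element kind {e.kind!r} for {e.name!r}")
        if e.name in by_name:
            raise ValueError(f"duplicate element name {e.name!r}")
        by_name[e.name] = e

    threats = []
    for e in elements:
        letters = APPLICABLE[e.kind]
        if e.kind == "datastore" and e.holds_logs:
            letters += "R"  # altered or lost logs let an actor deny what they did
        for letter in letters:
            cat = STRIDE[letter]
            threats.append(Threat(e.name, cat, MITIGATIONS[cat], False))

    for f in flows:
        if f.src not in by_name or f.dst not in by_name:
            raise ValueError(f"flow {f.name!r} references an unknown element")
        crosses = by_name[f.src].trust_zone != by_name[f.dst].trust_zone
        for letter in APPLICABLE["dataflow"]:
            cat = STRIDE[letter]
            target = f"{f.name} ({f.src} -> {f.dst})"
            threats.append(Threat(target, cat, MITIGATIONS[cat], crosses))

    # Flows crossing a trust boundary are where an attacker can sit: review them first.
    threats.sort(key=lambda t: (not t.crosses_boundary, t.target, t.category))
    return threats


def count_by_category(threats):
    """Number of threats per STRIDE category, useful as a quick coverage summary."""
    counts = {}
    for t in threats:
        counts[t.category] = counts.get(t.category, 0) + 1
    return counts


# Constructed sample DFD (not a real system): a browser uses a web app that
# talks to an order database and writes an audit log.
SAMPLE_ELEMENTS = [
    Element("browser", "external", "internet"),
    Element("webapp", "process", "dmz"),
    Element("orders_db", "datastore", "internal"),
    Element("audit_log", "datastore", "dmz", holds_logs=True),
]
SAMPLE_FLOWS = [
    Flow("https_request", "browser", "webapp"),
    Flow("sql_query", "webapp", "orders_db"),
    Flow("log_write", "webapp", "audit_log"),
]

if __name__ == "__main__":
    for t in enumerate_threats(SAMPLE_ELEMENTS, SAMPLE_FLOWS):
        flag = "!" if t.crosses_boundary else " "
        print(f"{flag} {t.target:<40} {t.category:<24} -> {t.mitigation}")
```

Running it prints one line per (element, category) pair, with the six threats on the two boundary-crossing flows (internet to DMZ, DMZ to internal) marked with "!" at the top; the output is the raw threat list that a review then prioritises, not a finished threat model.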