Identifying threats with STRIDE
The acronym STRIDE was developed by Loren Kohnfelder and Praerit Garg to help with the identification of threats by categorizing them. Each letter identifies a different category of threat:
- Spoofing: Pretending to be something or someone you’re not
- Tampering: Modifying something you shouldn’t, either for sport or for your own advantage
- Repudiation: Avoiding responsibility for something you did or claiming responsibility for something you didn’t
- Information Disclosure: Revealing data to someone who isn’t authorized to see it
- Denial of Service: Absorbing all the resources of a service so that it can no longer function
- Elevation of Privilege: Someone doing something they aren’t meant to do
It’s worth remembering that STRIDE reminds us to consider these six threat categories – it doesn’t tell us to restrict ourselves to just these six. Using a framework such as STRIDE...
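One way to put the six categories to work is to ask each of them of every element in a small data-flow model. The sketch below is an added example, not code from the original page: it goes beyond the list above by using the common STRIDE-per-element convention and the usual pairing of each category with the security property it violates, and the element names, trust zones and the `extra` parameter (for categories outside the six) are constructed for illustration.

```python
from dataclasses import dataclass

# Letter -> (category from the list above, security property it violates)
STRIDE = {
    "S": ("Spoofing", "authentication"),
    "T": ("Tampering", "integrity"),
    "R": ("Repudiation", "non-repudiation"),
    "I": ("Information Disclosure", "confidentiality"),
    "D": ("Denial of Service", "availability"),
    "E": ("Elevation of Privilege", "authorization"),
}

# STRIDE-per-element convention (assumption, not from the page): the
# categories normally asked about for each kind of diagram element.
APPLIES = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str                # external | process | store | flow
    zone: str = ""           # trust zone; flows use "src_zone->dst_zone"
    audit_log: bool = False  # stores holding logs also get Repudiation

def crosses_boundary(el):
    """A flow crosses a trust boundary when its two zones differ."""
    src, _, dst = el.zone.partition("->")
    return el.kind == "flow" and src != dst

def enumerate_threats(model, extra=()):
    """Return (element, category, property, crosses_boundary) prompts.
    `extra` adds categories beyond the six; they are asked of every element."""
    out = []
    for el in model:
        letters = APPLIES[el.kind] + ("R" if el.kind == "store" and el.audit_log else "")
        for letter in letters:
            cat, prop = STRIDE[letter]
            out.append((el.name, cat, prop, crosses_boundary(el)))
        out.extend((el.name, cat, "n/a", crosses_boundary(el)) for cat in extra)
    return sorted(out, key=lambda t: not t[3])  # boundary-crossing flows first

# Constructed sample model: a browser talking to a web app with an audit log.
MODEL = [
    Element("browser", "external", "internet"),
    Element("login request", "flow", "internet->dmz"),
    Element("web app", "process", "dmz"),
    Element("audit log", "store", "dmz", audit_log=True),
]
```

Each returned row is a question to answer in review, not a finding; rows for flows that cross a trust boundary are sorted to the top.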