There are several techniques can be implemented to find the vulnerabilities and the threats of the system. These techniques are known as threat modelling in which it is a technique that mitigate the vulnerabilities on your system. One way to determine the threats of your system is via the STRIDE technique. STRIDE is a shorthand for:
- S – Spoofing identity.
- T – Tampering with data.
- R – Repudiation.
- I – Information disclosure.
- D – Denial of service.
- E – Elevation of privilege.
Spoofing identity: It allows the attacker to pose as another user or allow a rogue server to pose as a valid server.
Tampering with data: It involves malicious modification of data.
Repudiation: When the users deny performing an action (without other parties having any way to prove otherwise).
Information disclosure: Is the process of exposing the individual information to other people who are not supposed to have access to this information.
Denial of service: Denial of service (DoS) attacks, which is the process of denying the services to valid users.
Elevation of privilege: An unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system
In conclusion, STRIDE technique assets the following:
|Spoofing identity||Configuration Data|
|Tampering with data||Authentication data|
|Information disclosure||Data “on the wire”|
|Denial of service||State Data|
|Elevation of privilege||Temporary Data|