Threat Modeling
How does threat modeling work?
- Identify
- Potential threat
- Potential occurrence
- Concern priority
- Means to eradicate or mitigate threat
- Categorize
- Analyze
What is STRIDE?
- Spoofing: Using someone else’s credentials to gain access to otherwise inaccessible assets
- Tampering: Changing data to mount an attack
- Repudiation: Occurs when a user denies performing an action, but the target of the action has no way to prove otherwise
- Information Disclosure: Disclosure of information to a user who does not have permission to see it
- Denial of Service: Reducing the ability of valid users to access resources
- Elevation of Privilege: Occurs when an unprivileged user gains privileged status
What is DREAD?
Threat Modeling exercise examples
- Instant messaging system
- Password storage system
- Ecommerce store
- Given an application where a client wants to look up a service from a service discovery provider