Threat Modeling

How does threat modeling work?

A threat model records, for each threat that is identified:

  • Potential threat
  • Potential occurrence (how likely the threat is to materialize)
  • Concern priority
  • Means to eradicate or mitigate the threat

What is STRIDE?

  • Spoofing: using someone else’s credentials to gain access to otherwise inaccessible assets
  • Tampering: changing data to mount an attack
  • Repudiation: occurs when a user denies performing an action, but the target of the action has no way to prove otherwise
  • Information Disclosure: disclosure of information to a user who does not have permission to see it
  • Denial of Service: reducing the ability of valid users to access resources
  • Elevation of Privilege: occurs when an unprivileged user gains privileged status

What is DREAD?

Threat Modeling exercise examples

  1. Instant messaging system
  2. Password storage system
  3. Ecommerce store
  4. An application in which a client looks up a service through a service discovery provider
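As an added worked example (not part of the original notes), the following Python applies the STRIDE categories above to exercise 4 using the STRIDE-per-element approach from the Microsoft SDL, then ranks each threat by "potential occurrence" times impact to give a "concern priority" and pairs the top ones with a mitigation class. The data-flow elements, the likelihood and impact scores, and the `enumerate_threats` / `mitigation_plan` function names are all constructed for this illustration.

```python
# Added example (not the page's): STRIDE-per-element applied to exercise 4 (service discovery lookup).
# Element-kind -> STRIDE mapping follows the Microsoft SDL table; model and scores are constructed.
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}
PER_ELEMENT = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}  # per DFD element kind
# Standard countermeasure class per category ("means to eradicate or mitigate").
MITIGATION = {"S": "authentication (mutual TLS between client and provider)",
              "T": "integrity protection (sign or MAC registry data and responses)",
              "R": "audit logging of registrations and lookups",
              "I": "encryption in transit and access control on the registry",
              "D": "rate limiting, quotas and redundancy",
              "E": "authorization checks and least privilege"}

@dataclass
class Threat:
    element: str
    letter: str       # STRIDE letter
    likelihood: int   # potential occurrence: 1 rare .. 3 likely
    impact: int       # 1 minor .. 3 severe
    @property
    def priority(self) -> int:   # concern priority
        return self.likelihood * self.impact

# Constructed model as (name, kind, crosses_trust_boundary).
MODEL = [("client", "external", False),
         ("lookup request/response", "flow", True),
         ("discovery service", "process", False),
         ("service registry", "store", False)]
# Constructed (likelihood, impact) judgements keyed by (element, STRIDE letter).
SCORES = {("lookup request/response", "T"): (3, 3),  # forged answer redirects the client
          ("discovery service", "S"): (2, 3),        # client reaches an impostor provider
          ("service registry", "T"): (2, 3)}         # poisoned registry entry

def enumerate_threats(model=MODEL, scores=SCORES):
    """Potential threat + potential occurrence -> concern priority, highest first."""
    threats = []
    for name, kind, crosses in model:
        base = 2 if crosses else 1   # boundary-crossing flows start out more likely
        for c in PER_ELEMENT[kind]:
            like, imp = scores.get((name, c), (base, 1))
            threats.append(Threat(name, c, like, imp))
    return sorted(threats, key=lambda t: t.priority, reverse=True)

def mitigation_plan(threats, min_priority=4):
    """(threat, control) pairs for every threat whose priority is worth acting on."""
    return [(t, MITIGATION[t.letter]) for t in threats if t.priority >= min_priority]
```

Unscored (element, letter) pairs fall back to a low default, so every applicable category still appears in the list rather than being silently dropped.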