STRIDE is a strategy used to create threat models.
It is a mnemonic which we should look at while thinking of threats to the system.
- Spoofing – Can I perform actions as if I was someone else?
- Tampering – Can I modify data to my advantage?
- Repudiation – Can I make it look like someone else is performing my actions?
- Information Disclosure – Can I get access to data that I should not have access to?
- Denial of Service – Can I bring the service down in some way?
- Elevation of privileges – Can I do stuff that I should not be allowed to do?