STRIDE is a strategy used to create threat models.

It is a mnemonic which we should look at while thinking of threats to the system.

  • Spoofing – Can I perform actions as if I was someone else?
  • Tampering – Can I modify data to my advantage?
  • Repudiation – Can I make it look like someone else is performing my actions?
  • Information Disclosure – Can I get access to data that I should not have access to?
  • Denial of Service – Can I bring the service down in some way?
  • Elevation of privileges – Can I do stuff that I should not be allowed to do?

Links to this note