STRIDE is a threat classification model developed by Microsoft. It classifies threats into six categories:
Spoofing – A service or user successfully masquerades as another service or user.
Tampering – The malicious modification of data, e.g. maliciously modifying a database.
Repudiation – Users performing illegal operations on systems that lack the safeguards or tracing needed to identify or prohibit such operations.
Information Disclosure – Exposure of information to individuals who are not supposed to access it, for example, cracking a DB password to gain access to customer details.
Denial of Service – Any attack that prevents valid users from accessing a service.
Elevation of Privilege – An unprivileged user gains unauthorized privileges to a service or object.
DREAD provides a rating for each risk made up of five areas, each scored from 1 to 3: damage potential, reproducibility, exploitability, affected users and discoverability. Together these scores give each risk a priority.
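The following threat register is an added example, not part of the original page: it tags each entry with a STRIDE category, validates the five DREAD scores and ranks the entries. Summing the five scores, the High/Medium/Low cut-offs, the tie-break on damage and the sample threats are assumptions made for illustration.

```python
from dataclasses import dataclass

STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"}
DREAD_AREAS = ("damage", "reproducibility", "exploitability",
               "affected_users", "discoverability")

@dataclass(frozen=True)
class Threat:
    name: str
    stride: str
    scores: dict  # DREAD area -> integer 1..3

def dread_total(threat):
    """Validate one register entry and return its DREAD total (5..15)."""
    if threat.stride not in STRIDE:
        raise ValueError(f"{threat.name}: unknown STRIDE category {threat.stride!r}")
    if set(threat.scores) != set(DREAD_AREAS):
        raise ValueError(f"{threat.name}: need exactly the five DREAD areas")
    for area, value in threat.scores.items():
        if type(value) is not int or not 1 <= value <= 3:
            raise ValueError(f"{threat.name}: {area} must be an integer from 1 to 3")
    return sum(threat.scores.values())  # assumption: the rating is the plain sum

def band(total):
    # Assumed cut-offs (not stated on the page): 12-15 High, 8-11 Medium, 5-7 Low.
    return "High" if total >= 12 else "Medium" if total >= 8 else "Low"

def prioritise(threats):
    """Return (total, band, stride, name) rows, highest risk first."""
    rows = [(dread_total(t), t) for t in threats]
    # Ties are broken by damage potential, then by name for a stable order.
    rows.sort(key=lambda r: (-r[0], -r[1].scores["damage"], r[1].name))
    return [(total, band(total), t.stride, t.name) for total, t in rows]

def make_threat(name, stride, *scores):
    return Threat(name, stride, dict(zip(DREAD_AREAS, scores)))

# Constructed sample register; the scores are illustrative, not measured.
REGISTER = [
    make_threat("Forged session token accepted", "Spoofing", 3, 2, 2, 3, 2),
    make_threat("Order rows editable without audit trail", "Repudiation", 2, 2, 1, 1, 1),
    make_threat("DB password cracked, customer details exposed",
                "Information Disclosure", 3, 3, 2, 3, 2),
    make_threat("Login endpoint exhausted by request flood", "Denial of Service", 2, 3, 2, 3, 1),
]

if __name__ == "__main__":
    for row in prioritise(REGISTER):
        print("%2d  %-6s  %-22s  %s" % row)
```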