Amend STRIDE Threat Modeling to assess
This commit is contained in:
daniel.wittich
19
radar/2019-11-01/stride-threat-modeling.md
Normal file
19
radar/2019-11-01/stride-threat-modeling.md
Normal file
@@ -0,0 +1,19 @@
|
||||
---
|
||||
title: "STRIDE Threat Modeling"
|
||||
ring: assess
|
||||
quadrant: methods-and-patterns
|
||||
|
||||
---
|
||||
|
||||
STRIDE is a model of threat groups that helps to identify security threats to any application, component or infrastructure.
|
||||
|
||||
The acronym stands for:
|
||||
|
||||
* Spoofing
|
||||
* Tampering
|
||||
* Repudiation
|
||||
* Information disclosure
|
||||
* Denial of service
|
||||
* Elevation of privilege
|
||||
|
||||
AOE is applying the threat model in collaborative sessions using the [Elevation of Privilege Card Game](https://social.technet.microsoft.com/wiki/contents/articles/285.elevation-of-privilege-the-game.aspx) which helps to spark imagination and makes threats more tangible.
|
||||
Reference in New Issue
Block a user