Amend STRIDE Threat Modeling to assess
This commit is contained in:
daniel.wittich
19
radar/2019-11-01/stride-threat-modeling.md
Normal file
19
radar/2019-11-01/stride-threat-modeling.md
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
title: "STRIDE Threat Modeling"
|
||||||
|
ring: assess
|
||||||
|
quadrant: methods-and-patterns
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
STRIDE is a model of threat groups that helps to identify security threats to any application, component or infrastructure.
|
||||||
|
|
||||||
|
The acronym stands for:
|
||||||
|
|
||||||
|
* Spoofing
|
||||||
|
* Tampering
|
||||||
|
* Repudiation
|
||||||
|
* Information disclosure
|
||||||
|
* Denial of service
|
||||||
|
* Elevation of privilege
|
||||||
|
|
||||||
|
AOE is applying the threat model in collaborative sessions using the [Elevation of Privilege Card Game](https://social.technet.microsoft.com/wiki/contents/articles/285.elevation-of-privilege-the-game.aspx) which helps to spark imagination and makes threats more tangible.
|
||||||
Reference in New Issue
Block a user