Threat modeling techniques
There are various threat modeling techniques and methodologies; STRIDE and DREAD are two of them. The following sections cover both.
STRIDE
STRIDE is an easy-to-use threat modeling methodology developed by Microsoft. STRIDE helps in identifying threats and is an abbreviation for the following terms:
- S—spoofing: Threats in the spoofing category include an adversary creating and exploiting confusion about the identity of someone or something.
For example, an adversary sends an email to a user pretending to be someone else.
- T—tampering: A tampering threat involves an adversary modifying data while it is in storage or in transit.
For example, an adversary intercepts network packets, changes payment information, and forwards them to the target.
- R—repudiation: Repudiation involves an adversary performing an action and later denying having performed it.
For example, an adversary sends a threatening email to...