7 Cards in this Set
STRIDE
Spoofing (identity), Tampering (with data), Repudiation (threats), Information (disclosure), Denial (of service), Elevation (of privilege)

S = Spoofing (identity)
This principle requires you to authenticate requests and users accessing a system. Spoofing involves a malicious party falsely identifying itself as another. Access keys (such as API keys) or cryptographic signatures help remediate this threat.

T = Tampering (with data)
By providing anti-tampering measures to a system or application, you help provide integrity to the data. Data that is accessed must be kept intact and accurate. For example, shops use seals on food products.

R = Repudiation (threats)
This principle dictates the use of services such as activity logging, so that actions taken on a system or application can be tracked.

I = Information (disclosure)
Applications and services that handle information of multiple users need to be appropriately configured to only show information relevant to its owner.

D = Denial (of service)
Applications and services use up system resources. Both should have measures in place so that abuse of the application or service won't result in bringing the whole system down.

E = Elevation (of privilege)
This is the worst-case scenario for an application or service. It means that a user was able to escalate their authorisation to that of a higher level, e.g. an administrator. This scenario often leads to further exploitation or information disclosure.