Threat Modeling

Threat Modeling Methodologies

STRIDE

STRIDE is a threat modeling framework developed by Microsoft that categorizes threats into six categories:

• Spoofing: Impersonating something or someone else

  • Examples: Fake authentication tokens, DNS spoofing, email spoofing
  • Controls: Strong authentication, certificate validation, anti-spoofing measures

• Tampering: Modifying data or code without authorization

  • Examples: Man-in-the-middle attacks, code injection, data tampering
  • Controls: Digital signatures, integrity checks, secure communication channels

• Repudiation: Denying having performed an action

  • Examples: Denying a transaction, denying access to resources
  • Controls: Audit logging, non-repudiation services, digital signatures