Overview
Developed by Microsoft, STRIDE is one of the most widely used frameworks for identifying threats during the design of a system. Each letter represents a different category of threat:
The STRIDE Categories
- Spoofing: Impersonating a person or system (violates Authenticity).
- Tampering: Modifying data or code (violates Integrity).
- Repudiation: Denying that an action was taken (violates Non-repudiation).
- Information Disclosure: Exposing sensitive data (violates Confidentiality).
- Denial of Service: Making a system unavailable (violates Availability).
- Elevation of Privilege: Gaining unauthorized access levels (violates Authorization).
Use Case
Security teams use STRIDE to systematically analyze each component of a system (e.g., processes, data stores, data flows) to identify potential vulnerabilities.
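The per-component analysis described above can be run as a worksheet generator. This is an added example, not code from Microsoft or from this page. It assumes the commonly used STRIDE-per-element chart (which categories apply to which element type, with Repudiation applying to data stores only when they hold logs), and the element names in the sample model are constructed.

```python
from dataclasses import dataclass

# Category name and the property it violates, as listed on this page.
STRIDE = {
    "S": ("Spoofing", "Authenticity"),
    "T": ("Tampering", "Integrity"),
    "R": ("Repudiation", "Non-repudiation"),
    "I": ("Information Disclosure", "Confidentiality"),
    "D": ("Denial of Service", "Availability"),
    "E": ("Elevation of Privilege", "Authorization"),
}

# Assumption: the commonly used STRIDE-per-element chart (not given on this page).
APPLIES = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",  # Repudiation is added below when the store holds logs
    "data_flow": "TID",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str               # one of the keys of APPLIES
    holds_logs: bool = False

def enumerate_threats(elements):
    """Return one (element, category, violated property) row per candidate threat."""
    rows = []
    for el in elements:
        letters = APPLIES[el.kind]
        if el.kind == "data_store" and el.holds_logs:
            letters = "TRID"  # tampering with audit data enables repudiation
        for letter in letters:
            category, prop = STRIDE[letter]
            rows.append((el.name, category, prop))
    return rows

# Constructed sample model of a small web application.
MODEL = [
    Element("Browser user", "external_entity"),
    Element("Web API", "process"),
    Element("Login request (user -> API)", "data_flow"),
    Element("Orders DB", "data_store"),
    Element("Audit log", "data_store", holds_logs=True),
]

if __name__ == "__main__":
    for name, category, prop in enumerate_threats(MODEL):
        print(f"{name:30} {category:24} violates {prop}")
```

Each row is a question for the design review ("how could this element be subject to this threat, and what mitigates it?"), not a confirmed vulnerability.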