Professional Documents
Culture Documents
Theory-
Threat Modelling:
At its core, threat modelling is a systematic approach employed during the software
development lifecycle to analyze and pre-emptively address security concerns. It involves
identifying potential threats, evaluating their potential impact, and formulating strategies to
mitigate these threats. By adopting threat modelling, engineers can effectively integrate
security considerations into the design phase of their projects, ensuring that vulnerabilities are
identified and rectified before they can be exploited.
STRIDE Framework:
The STRIDE framework serves as an invaluable tool within the realm of threat modeling. It's
an acronym encompassing six distinct threat categories: Spoofing, Tampering, Repudiation,
Information Disclosure, Denial of Service (DoS), and Elevation of Privilege. Each category
encapsulates a specific type of threat that software systems might encounter. These categories
act as a comprehensive guide, enabling engineers to categorize and analyze potential security
risks systematically.
Threat
Category Definition Vulnerability Example Counter Measures
Weak authentication
Falsely presenting oneself allowing unauthorized Implement strong multi-
Spoofing as another entity access factor authentication
Unauthorized
modification of data or Manipulating transaction Implement data integrity
Tampering code data to alter amounts checks and encryption
Unauthorized access to
Elevation of higher-level Exploiting a vulnerability Regularly update software,
Privilege functionalities to gain admin access apply least privilege
Conclusion-
In an environment where cyber threats are constantly evolving, security measures need to be
integrated proactively. The combination of threat modeling and STRIDE allows engineers to
identify vulnerabilities, customize security measures, and create a robust cybersecurity
culture within the engineering community.