Sad Lab 3-2005104
LAB-3
STRIDE Framework:
The STRIDE framework serves as an invaluable tool within the realm of threat modeling. It's
an acronym encompassing six distinct threat categories: Spoofing, Tampering, Repudiation,
Information Disclosure, Denial of Service (DoS), and Elevation of Privilege. Each category
encapsulates a specific type of threat that software systems might encounter. These categories
act as a comprehensive guide, enabling engineers to categorize and analyze potential security
risks systematically.
Repudiation: Poorly logged user actions can enable users to deny their involvement, posing
challenges during incident investigations.
Information Disclosure: Weak access controls might allow unauthorized users to gain
access to sensitive information, leading to data breaches.
Denial of Service (DoS): Inadequate resource management can make the system vulnerable
to flooding attacks, rendering it unavailable to legitimate users.
Elevation of Privilege: Flaws in authorization can allow unauthorized users to gain access
to higher-level functions, potentially compromising the system's security.
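An added example for the Repudiation item above (not part of the original lab document): an audit log in which each record's MAC covers the previous record's MAC, so editing or deleting a logged action is detectable during an investigation. The function names, the key and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as "prev" for the first record


def append_entry(log, key, user, action, timestamp):
    """Append an audit record whose MAC also covers the previous record's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    record = {"user": user, "action": action, "ts": timestamp, "prev": prev}
    payload = json.dumps(record, sort_keys=True).encode()
    record["mac"] = hmac.new(key, payload, hashlib.sha256).hexdigest()
    log.append(record)
    return record


def verify_log(log, key):
    """Return the index of the first bad record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, record in enumerate(log):
        body = {k: v for k, v in record.items() if k != "mac"}
        payload = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
        mac_ok = hmac.compare_digest(expected, record.get("mac", ""))
        if body.get("prev") != prev or not mac_ok:
            return i
        prev = record["mac"]
    return -1


def demo():
    key = b"constructed-demo-key"  # constructed; assumed to be held off the app host
    log = []
    append_entry(log, key, "alice", "login", "2024-01-01T10:00:00Z")
    append_entry(log, key, "alice", "delete_invoice:17", "2024-01-01T10:05:00Z")
    append_entry(log, key, "bob", "login", "2024-01-01T10:06:00Z")
    intact = verify_log(log, key)
    edited = [dict(r) for r in log]
    edited[1]["user"] = "bob"        # record rewritten to name a different user
    removed = log[:1] + log[2:]      # record dropped from the middle of the log
    return intact, verify_log(edited, key), verify_log(removed, key)


if __name__ == "__main__":
    print(demo())
```

Removing records from the end of the log is not detected by the chain alone; that requires storing the latest MAC somewhere the log writer cannot modify.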
SAD LAB
RAHUL SHAH IT-B22-2005104
Conclusion:
Hence we understood that, in an environment where cyber threats are constantly evolving,
security measures need to be integrated proactively. The combination of threat modeling and
STRIDE allows engineers to identify vulnerabilities, customize security measures, and create
a robust cybersecurity culture within the engineering community.