A CDE Definition
(Spoofing, Tampering, Repudiation, Information, Denial, Elevation) An acronym for remembering six areas of risk in technology. For an excellent example of applying STRIDE to Web applications, visit the keepers of the Open Web Application Security Project (OWASP) at www.owasp.com.
A user should not be able to assume the identity of, or mask the attributes of, someone else. Using a public key infrastructure (PKI) and digital signatures is a way of preventing spoofing.
Tampering With Data
The integrity of data should be preserved at all times. Encryption, independent verification and input, process and output validation are some of the tools that can be used.
Repudiate a Transaction
A valid transaction should not be subject to rejection. Good audit trails and signing a message with date and time are examples of preventative methods.
Information should not fall into unauthorized hands. Data loss prevention (DLP) techniques are used to strengthen corporate confidentiality. See DLP.
Denial of Service
A server or an application should not be vulnerable to being put out of service. Redundant and/or backup systems are datacenter architectures that can be used.
Elevation of Privilege
An unauthorized user should not be allowed administrator rights. Refusing to share passwords or tokens can reduce this risk. See access control.
Before/After Your Search Term
|street view||string literal|
|stress testing||Stringy Floppy|
|stretch blt||striped volume|
Terms By Topic
Click any of the following categories for a list of fundamental terms.