STRIDE is an acronym to help you think about potential software security threats and attacks. It helps you think evil (i.e. like an attacker). I had the privilege of talking to one of the creators of STRIDE, Loren Kohnfelder. He told me that he originally created STRIDE to help people get in the right mindset when analyzing security features.
STRIDE Categories
Here’s what STRIDE stands for:
- Spoofing user identity.
- Tampering with data.
- Repudiation.
- Information disclosure.
- Denial of service.
- Elevation of privilege.
Using STRIDE
You can use the STRIDE categories to ask questions related to each aspect of the architecture and design of your application. This is a goal-based approach, where you consider the goals of an attacker. For example, could an attacker spoof an identity to access your server or Web application? Could someone tamper with data over the network or in a data store? Is sensitive information disclosed when you report an error message or log an event? Could someone deny service?
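The goal-based questioning above can be made systematic by walking each element of the architecture and asking only the STRIDE questions that apply to it. The following is an added example, not code from the original post: the element-to-category mapping is an assumption borrowed from the common "STRIDE-per-element" practice, and the sample web application model is constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# The six STRIDE categories exactly as the post lists them.
STRIDE = {
    "S": "Spoofing user identity", "T": "Tampering with data",
    "R": "Repudiation", "I": "Information disclosure",
    "D": "Denial of service", "E": "Elevation of privilege",
}

# Which categories are worth asking about for each kind of element. This is an
# assumption taken from the common "STRIDE-per-element" practice; the post
# itself does not give such a mapping.
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TRID", "data_flow": "TID"}

# Goal-based questions in the style of the post's "could an attacker ...?" examples.
QUESTIONS = {
    "S": "Could an attacker spoof an identity to access {name}?",
    "T": "Could someone tamper with data handled by {name}?",
    "R": "Could a user deny an action taken through {name} without us being able to prove it?",
    "I": "Does {name} disclose sensitive information, e.g. in error messages or logs?",
    "D": "Could someone deny service by overloading or breaking {name}?",
    "E": "Could an attacker gain more privilege than intended via {name}?",
}

@dataclass
class Element:
    name: str
    kind: str  # a key of APPLICABLE
    countermeasures: Dict[str, str] = field(default_factory=dict)  # category letter -> control

def stride_questions(element: Element) -> List[str]:
    """Generate the STRIDE questions that apply to one element."""
    return [f"[{c}] {QUESTIONS[c].format(name=element.name)}" for c in APPLICABLE[element.kind]]

def unmitigated(elements: List[Element]) -> List[Tuple[str, str]]:
    """(element, category) pairs with no recorded countermeasure: the review backlog."""
    return [(e.name, STRIDE[c]) for e in elements
            for c in APPLICABLE[e.kind] if c not in e.countermeasures]

# Constructed sample model of a small web application (not from the post).
MODEL = [
    Element("browser user", "external_entity", {"S": "password + MFA login"}),
    Element("web app", "process", {"S": "session bound to login", "E": "role check in every handler"}),
    Element("orders DB", "data_store", {"T": "parameterised queries", "I": "column-level encryption"}),
    Element("browser->web app HTTP", "data_flow", {"T": "TLS 1.2+", "I": "TLS 1.2+"}),
]

if __name__ == "__main__":
    for element in MODEL:
        print("\n".join(stride_questions(element)))
    for name, threat in unmitigated(MODEL):
        print(f"TODO: no countermeasure for '{threat}' on {name}")
```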
Countermeasures
Here are examples of countermeasures organized by the STRIDE categories:
| Threat / Attack | Countermeasures |
|---|---|
| Spoofing user identity. | |
| Tampering with data. | |
| Repudiation. | |
| Information disclosure. | |
| Denial of service. | |
| Elevation of privilege. | |