
Shaping Software

Enduring Ideas in the Realm of Software


STRIDE Explained

Mar 30, 2008 by JD

STRIDE is an acronym to help you think about potential software security threats and attacks. It helps you think evil (i.e., like an attacker). I had the privilege of talking to one of the creators of STRIDE, Loren Kohnfelder. He told me that he originally created STRIDE to help people get into the right mind-set when analyzing security features.

STRIDE Categories

Here’s what STRIDE stands for:

  • Spoofing user identity.
  • Tampering with data.
  • Repudiation.
  • Information disclosure.
  • Denial of service.
  • Elevation of privilege.

Using STRIDE

You can use the STRIDE categories to ask questions related to each aspect of the architecture and design of your application. This is a goal-based approach, where you consider the goals of an attacker. For example, could an attacker spoof an identity to access your server or Web application? Could someone tamper with data over the network or in a data store? Is sensitive information disclosed when you report an error message or log an event? Could someone deny service?
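As an added example (not part of the original post), here is a small Python helper that walks a model of an application and asks the goal-based questions above for each element. The element kinds, and the assumption that only some STRIDE categories apply to each kind (an external entity can be spoofed or repudiate, a data flow can be tampered with, disclosed, or blocked), go beyond what the post states and are an assumed extension of the method.

```python
from dataclasses import dataclass

# The six STRIDE categories, as listed in the post.
STRIDE = {
    "S": "Spoofing user identity",
    "T": "Tampering with data",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# Assumed mapping of which STRIDE categories apply to which kind of element.
APPLIES_TO = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TRID",  # R: audit logs in a store can be altered or erased
}

# Attacker-goal question per category, in the style of the post.
QUESTION = {
    "S": "Could an attacker spoof an identity to reach {name}?",
    "T": "Could someone tamper with data held by or passing through {name}?",
    "R": "Could an action involving {name} be denied later for lack of an audit trail?",
    "I": "Could {name} disclose sensitive information, e.g. in errors or logs?",
    "D": "Could someone deny service by exhausting or blocking {name}?",
    "E": "Could a user of {name} gain privileges they were not granted?",
}

@dataclass
class Element:
    name: str
    kind: str  # one of the keys of APPLIES_TO

def enumerate_threats(elements):
    """Return (element name, STRIDE letter, question) for every applicable pair."""
    out = []
    for el in elements:
        if el.kind not in APPLIES_TO:
            raise ValueError(f"unknown element kind: {el.kind}")
        for letter in APPLIES_TO[el.kind]:
            out.append((el.name, letter, QUESTION[letter].format(name=el.name)))
    return out

# Constructed sample model of a simple web application (not from the post).
SAMPLE_MODEL = [
    Element("browser user", "external_entity"),
    Element("web application", "process"),
    Element("HTTPS request", "data_flow"),
    Element("user database", "data_store"),
]

for name, letter, question in enumerate_threats(SAMPLE_MODEL):
    print(f"[{letter}] {STRIDE[letter]:<26} {name}: {question}")
```

Each printed line is one threat hypothesis to confirm or rule out against the design; the countermeasures listed below then map back by letter.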

Countermeasures

Here are examples of countermeasures, organized by the STRIDE categories:

Threat / Attack: Countermeasures

Spoofing user identity.
  • Use strong authentication.
  • Do not store secrets (for example, passwords) in plaintext.
  • Do not pass credentials in plaintext over the wire.
  • Protect authentication cookies with Secure Sockets Layer (SSL).
Tampering with data.
  • Use data hashing and signing. Use digital signatures.
  • Use strong authorization.
  • Use tamper-resistant protocols across communication links.
  • Secure communication links with protocols that provide message integrity.
Repudiation.
  • Create secure audit trails.
  • Use digital signatures.
Information disclosure.
  • Use strong authorization.
  • Use strong encryption.
  • Secure communication links with protocols that provide message confidentiality.
  • Do not store secrets (for example, passwords) in plaintext.
Denial of service.
  • Use resource and bandwidth throttling techniques.
  • Validate and filter input.
Elevation of privilege.
  • Follow the principle of least privilege and use least privileged service accounts to run processes and access resources.



Reader Interactions

Trackbacks

  1. Alik Levin's : Security Code Review – String Search Patterns For Finding Input Validation Vulnerabilities says:
    Jul 11, 2008 at 11:25 am

    […] Cookies and QueryStrings poses a risk of the tampering threat (review STRIDE Explained to understand threats). If there is a use of Params property there is a chance for CSRF attack – […]
