The first step helps find potential threats using a proactive process. Teams can use the STRIDE threat model to spot threats during the design phase of an app or system. Two Microsoft engineers, Loren Kohnfelder and Praerit Garg, developed STRIDE in the late 1990s. STRIDE is an acronym for six threat categories: Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of service and Elevation of privileges. Among them is STRIDE, one of the earliest and most effective. And, every practical use of threat modeling is based on a specific methodology. Good threat modeling is more important than ever. It can help find threats, rank which are most serious, schedule fixes and develop plans to secure IT resources. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets attackers want most. For example, the STRIDE model offers a proven methodology of next steps. Threat modeling provides security teams with a practical framework for dealing with a threat. STRIDE threat modeling is an important tool in a security expert’s arsenal.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |