November 2, 2022 7:24 am    

Defense Lead
Cyber Security

APPLICATION SECURITY INFORMATION SECURITY

STRIDE Methodology in Threat Modeling Process

By Defense Lead
OCT 2, 2021

Overview:

This document defines the systematic process of the STRIDE methodology that organizations use to find security threats and prevent them, in order to build a secure application or system.

The main goal of this methodology is to ensure that the application is maintained and meets the security standards of Confidentiality, Integrity, and Availability (CIA).

What is STRIDE Methodology?

STRIDE is a threat modeling methodology used to identify security threats in applications and systems. Organizations use it as a classification scheme to characterize known threats according to the kind of exploit used (or the motivation of the attacker).

STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege.
The STRIDE methodology was developed by two engineers, Praerit Garg and Loren Kohnfelder, at Microsoft in the late 1990s.

This methodology is implemented as part of the threat modeling procedure.

Cyber security professionals perform the threat modeling procedure step by step: identifying assets, then creating an architectural overview of the application that includes trust boundaries, subsystems and data flows, and finally identifying the threats using the STRIDE methodology.

Before proceeding with the STRIDE categories, let us look at what threat modeling is.

What is Threat Modeling?

Threat modeling is a systematic, step-by-step procedure to identify security threats, requirements and vulnerabilities, then measure the severity of their impact, and finally prioritize remediation methods to prevent or mitigate the effects.

This technique can be practiced on a broad range of targets, including applications, networks, systems, devices, and business processes.

To know more details about the Different Stages of Threat Modeling | Click Here | Threat Modeling Procedure in Application Security
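The procedure described above (assets, then an architectural overview with trust boundaries and data flows, then STRIDE over that picture) is usually carried out against a data-flow diagram. The following is an added example, not code from the DefenseLead article: it applies the STRIDE-per-element mapping used in Microsoft's threat-modeling practice (external entities are subject to S and R; processes to all six; data stores to T, R, I and D; data flows to T, I and D) to a small constructed web-shop diagram, and marks anything touching a trust-boundary crossing as high priority. The element names, trust zones and flows are assumptions made up for the illustration.

```python
"""STRIDE-per-element enumeration over a small data-flow diagram (DFD).

Added example, not code from the DefenseLead article. Follows the
STRIDE-per-element mapping from Microsoft's threat-modeling practice; the
web-shop DFD it runs on is constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

# Which STRIDE letters apply to which kind of DFD element.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}

CATEGORY_NAMES = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str        # external_entity | process | data_store
    trust_zone: str  # which side of the trust boundaries it lives on


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    priority: str    # "high" when a trust-boundary crossing is involved


def enumerate_threats(elements, flows):
    """Apply the STRIDE-per-element table and return one Threat per match.

    Elements and flows that sit on a trust-boundary crossing are marked
    "high" so review effort goes to the boundary first.
    """
    zone_of = {e.name: e.trust_zone for e in elements}
    for e in elements:
        if e.kind not in STRIDE_PER_ELEMENT or e.kind == "data_flow":
            raise ValueError(f"unknown element kind: {e.kind}")
    crossing = [f for f in flows if zone_of[f.src] != zone_of[f.dst]]
    exposed = {n for f in crossing for n in (f.src, f.dst)}

    threats = []
    for e in elements:
        prio = "high" if e.name in exposed else "normal"
        for c in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(e.name, CATEGORY_NAMES[c], prio))
    for f in flows:
        prio = "high" if f in crossing else "normal"
        for c in STRIDE_PER_ELEMENT["data_flow"]:
            threats.append(Threat(f.name, CATEGORY_NAMES[c], prio))
    return threats


def count_by_category(threats):
    """Summarise the threat list as {category name: count}."""
    return dict(Counter(t.category for t in threats))


def build_sample_model():
    """Constructed DFD: browser -> web app -> orders DB, plus a local cache."""
    elements = [
        Element("Customer browser", "external_entity", "internet"),
        Element("Web app", "process", "dmz"),
        Element("Session cache", "data_store", "dmz"),
        Element("Orders DB", "data_store", "internal"),
    ]
    flows = [
        Flow("HTTPS request", "Customer browser", "Web app"),
        Flow("HTTPS response", "Web app", "Customer browser"),
        Flow("Session lookup", "Web app", "Session cache"),
        Flow("SQL query", "Web app", "Orders DB"),
    ]
    return elements, flows


if __name__ == "__main__":
    found = enumerate_threats(*build_sample_model())
    for t in sorted(found, key=lambda t: (t.priority != "high", t.target)):
        print(f"[{t.priority:6}] {t.target:18} {t.category}")
    print(count_by_category(found))
```

On the constructed model this yields 28 candidate threats, 21 of them high priority; only the session cache and its lookup flow stay inside one trust zone. Each line of the output is a question for the review ("can this flow be tampered with?"), not a confirmed vulnerability, which is the point of the classification scheme.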

Different Threat Categories of STRIDE Methodology:

It is an acronym for a set of six security threats, which are as follows:

1. Spoofing
2. Tampering
3. Repudiation
4. Information Disclosure
5. Denial of Service (DoS)
6. Elevation of Privilege

Spoofing:

Spoofing is a malicious method in which an attacker impersonates a trusted user in order to gain unauthorized access to sensitive information from the application's database. In this attack, the authorized user has no knowledge that the application is being used with their credentials, and no alert is triggered to the administrator because the attacker logged in with authorized credentials.

Spoofing attacks can be performed in different ways, such as through websites, phone calls, emails, texts, servers and IP addresses. This attack is the easiest to perform and the hardest to track.

To prevent this attack, apply packet filtering, use encrypted and authenticated secure communication protocols, and authenticate users and systems by their IP addresses when devices are on the network.

Tampering:

Tampering is the process of altering or manipulating the data in the application or system. Threat actors can potentially change data delivered to them, return it, and thereby manipulate client-side validation, GET and POST results, cookies, HTTP headers, and so forth.

This attack can be reduced by performing frequent backups of the data in the application. The application should also carefully check data received from the user and validate that it is sane and applicable before storing or using it.
Repudiation:

Repudiation occurs when an attacker denies or disputes the claims made against them for performing a malicious violation in the application or system. The attacker can exploit this threat if the application fails to log actions and events properly, or if unauthorized modification of the logs is possible.

To prevent this threat, non-repudiation controls should be implemented in the application: every action should be logged and monitored, and the audit trail should run with integrity controls to prevent tampering or deletion.
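The "audit trail with integrity controls" recommended above can be made concrete with an HMAC chain over the log records. The block below is an added example, not code from the DefenseLead article: each record's tag covers its own content plus the previous record's tag, so editing, reordering or deleting an entry breaks the chain, and storing the newest tag out of band also catches truncation of the tail. The key, actors, actions and timestamps are constructed.

```python
"""Tamper-evident audit trail with an HMAC chain.

Added example, not from the DefenseLead article. Every record's tag is an HMAC
over its own content plus the previous tag, so editing, reordering or deleting
an entry breaks the chain. The key and the events appended are constructed.
"""
import hashlib
import hmac
import json
from typing import Optional, Tuple

GENESIS_TAG = b"\x00" * 32  # previous-tag value for the very first record


class AuditTrail:
    def __init__(self, key: bytes):
        self._key = key
        self.records = []

    @staticmethod
    def _payload(body: dict) -> bytes:
        # Canonical encoding so the same content always yields the same tag.
        return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

    def _tag(self, prev_tag: bytes, body: dict) -> bytes:
        return hmac.new(self._key, prev_tag + self._payload(body), hashlib.sha256).digest()

    def append(self, ts: int, actor: str, action: str, target: str) -> dict:
        prev = bytes.fromhex(self.records[-1]["tag"]) if self.records else GENESIS_TAG
        body = {"seq": len(self.records), "ts": ts, "actor": actor,
                "action": action, "target": target}
        record = dict(body, tag=self._tag(prev, body).hex())
        self.records.append(record)
        return record

    def head(self) -> str:
        """Tag of the newest record; keep a copy where the log writer cannot reach it."""
        return self.records[-1]["tag"] if self.records else GENESIS_TAG.hex()

    def verify(self, expected_head: Optional[str] = None) -> Tuple[bool, Optional[int]]:
        """Return (ok, index of the first bad record).

        Without expected_head, silently dropping the newest records cannot be
        detected, which is why head() is meant to be stored out of band.
        """
        prev = GENESIS_TAG
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "tag"}
            if body.get("seq") != i:               # gap or reordering
                return False, i
            if not hmac.compare_digest(self._tag(prev, body).hex(), rec["tag"]):
                return False, i                    # content or chain edited
            prev = bytes.fromhex(rec["tag"])
        if expected_head is not None and not hmac.compare_digest(self.head(), expected_head):
            return False, len(self.records)        # tail truncated
        return True, None


if __name__ == "__main__":
    trail = AuditTrail(b"constructed-demo-key")   # real deployments: key from a KMS/HSM
    trail.append(1633161600, "alice", "login", "webapp")
    trail.append(1633161660, "alice", "delete", "order:42")
    saved_head = trail.head()
    trail.records[1]["actor"] = "mallory"          # simulate a log edit
    print(trail.verify(saved_head))                # (False, 1)
```

The verifier holds the key, so the process that writes the log must not be able to recompute tags; in practice that means signing on a separate host or with a key the application cannot read, and copying `head()` to that host after each batch.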
Information Disclosure:

Information disclosure generally occurs when an attacker accesses and views unauthorized confidential and sensitive information in the application or system due to improper implementation of access controls. Sensitive information could include client or customer private data, employee information, organization data and files, system information revealed in error messages, and much more.

If an attacker publicly discloses the confidential data at large, there will be an immediate loss of confidence and a substantial period of reputation loss. To defend against this threat, a strong access control mechanism must be included throughout the application, applying the principle of least privilege.

Denial of Service (DoS):

A Denial of Service attack occurs when the attacker prevents the application or system from performing the task or service it was intended for, making it inaccessible to users. This attack can be performed by sending many overloaded requests to the application, which eventually slows down system operations due to the huge traffic and finally crashes it.

Though attackers gain no financial benefit or access to confidential data with this attack, it is a great loss in terms of money and reputation for organizations if their business comes to rest due to a DoS attack.

To mitigate this attack, monitor and analyze the network traffic using firewall protection or an intrusion detection system, and strengthen the security posture of the organization.
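The "monitor and analyze the network traffic" step above is, at its simplest, a per-source rate check. The block below is an added example, not code from the DefenseLead article: it parses Common Log Format access-log lines, counts requests per client IP in a sliding time window, and reports sources whose count reaches a threshold, the kind of rule an intrusion detection system or web application firewall evaluates. The log lines, IP addresses, window length and threshold are constructed.

```python
"""Request-flood detection over web server access-log lines.

Added example, not from the DefenseLead article. Counts requests per client
IP in a sliding window and flags sources that exceed a threshold. The log
lines, IPs, window and threshold are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp) or None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def flood_sources(lines, window_s=10, threshold=20):
    """Map each flagged source IP to its peak request count in any window.

    Lines are assumed to arrive in time order, as a live tail would.
    """
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:        # malformed line: skip, do not crash the monitor
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def make_sample_log():
    """Constructed log: one source fires 30 requests in 5 s, another 3 in 60 s."""
    base = datetime(2021, 10, 2, 9, 0, 0, tzinfo=timezone.utc)
    events = [(base + timedelta(seconds=i // 6), "203.0.113.7") for i in range(30)]
    events += [(base + timedelta(seconds=30 * i), "198.51.100.4") for i in range(3)]
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "GET /checkout HTTP/1.1" 200 512'
            for ts, ip in events]


if __name__ == "__main__":
    print(flood_sources(make_sample_log()))   # {'203.0.113.7': 30}
```

A single-IP counter catches only the simplest floods; a distributed attack spreads requests across many sources, so production rules also watch aggregate request rate and per-endpoint cost, and the threshold is tuned against a baseline of normal traffic rather than picked once.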
Read more-
Elevation of Privilege:

An Elevation of Privilege attack occurs when an attacker exploits a design flaw, bug, or configuration error in an operating system or application to gain unauthorized elevated access to resources that are usually restricted from an application or user.

This vulnerability generally occurs when there is a failure to follow the principle of least privilege, insufficient security controls, or users with more privileges than they are actually authorized for. Attackers can also exploit software vulnerabilities or use specific techniques to subvert an application's permission mechanism.

The recommendation to prevent this attack is to implement a least privilege policy, enforce secure password management and follow secure coding practices.
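The least-privilege recommendation above, and the cookie manipulation named under Tampering, meet in the authorization check. The block below is an added example, not code from the DefenseLead article: it places a handler that reads the user's role from a client-editable cookie beside one that resolves the role from the server-side session and denies anything not explicitly granted. The session store, role matrix and action names are constructed.

```python
"""Deny-by-default authorization that never trusts client-controlled data.

Added example, not code from the DefenseLead article. Shows a role read from
a cookie the client can edit (tampering leading to elevation of privilege)
beside a handler that resolves the role server-side. The session store, role
matrix and actions are constructed.
"""
from dataclasses import dataclass, field

# Server-side truth: session id -> role. Constructed sample data.
SESSION_STORE = {"sess-alice-7f3a": "user", "sess-bob-91c0": "admin"}

# Permission matrix. Any (role, action) pair not listed here is denied.
PERMISSIONS = {
    "user": frozenset({"order:read", "order:create"}),
    "admin": frozenset({"order:read", "order:create", "order:delete", "user:manage"}),
}


@dataclass
class Request:
    action: str
    cookies: dict = field(default_factory=dict)


def authorize_vulnerable(req: Request) -> bool:
    """Reads the role from a cookie the client fully controls."""
    role = req.cookies.get("role", "user")
    return req.action in PERMISSIONS.get(role, frozenset())


def authorize_hardened(req: Request) -> bool:
    """Resolves the role from the server-side session; unknown session -> deny."""
    role = SESSION_STORE.get(req.cookies.get("session_id", ""))
    if role is None:
        return False
    # Deny by default: roles without an entry get no permissions at all.
    return req.action in PERMISSIONS.get(role, frozenset())


if __name__ == "__main__":
    # Alice's real session plus a hand-edited role cookie.
    tampered = Request("order:delete", {"session_id": "sess-alice-7f3a", "role": "admin"})
    print("vulnerable:", authorize_vulnerable(tampered))   # True: cookie says admin
    print("hardened:  ", authorize_hardened(tampered))     # False: alice is a user
```

The hardened version treats every client-supplied field as untrusted input, exactly as the Tampering section advises, and the permission matrix makes the least-privilege policy explicit and reviewable rather than scattered across handlers.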
Conclusion:

Security is generally an overlooked aspect of application development, treated as the lowest priority. But in today's world, applications face increasingly regular cyber threats to data security. So, implement the STRIDE methodology, which is the best method of the threat modeling procedure, to test the application before and even after it is designed and deployed.

Found this article interesting? Follow DefenseLead on Twitter, Facebook and LinkedIn to read more exclusive content.
Copyright © 2021 DefenseLead. All Rights Reserved.