STRIDE Methodology in Threat Modeling Process - Defense Lead
Defense Lead
Cyber Security
Overview:
This document defines the systematic process of the STRIDE methodology, which organizations use to find security threats and prevent them in order to build a secure application or system.
The main goal of this methodology is that the application is maintained and meets the security standards of Confidentiality, Integrity, and Availability (CIA).
This methodology is implemented as a part of the threat modeling procedure.

Cyber security professionals perform the Threat Modeling procedure step by step: first identifying assets, then creating an architectural overview of the application that includes trust boundaries, subsystems and data flow, and finally identifying the threats using the STRIDE methodology.

Before proceeding with the STRIDE categories, let us look at what Threat Modeling is.

To know more details about the different stages of Threat Modeling, see: Threat Modeling Procedure in Application Security
To prevent this attack, apply packet filtering, use encrypted and authenticated secure communication protocols and authenticate users and systems by their IP addresses when devices are on the network.
Tampering:
Tampering is the process of altering or manipulating the data on the application or system. Threat actors can potentially change data delivered to them, return it, and thereby potentially manipulate client-side validation, GET and POST results, cookies, HTTP headers, and so forth.
This attack can be reduced by performing a frequent backup process for the data in the application. The application should also carefully check data received from the user and validate that it is sane and applicable before storing or using it.
Repudiation:
Repudiation occurs when the attacker rejects or disagrees with the claims against them for performing the malicious violation in the application or system. The attacker can utilize this threat if the application fails to log the actions and events properly or if unauthorized modification of the logs is performed.
In order to prevent this threat, non-repudiation controls should be implemented in the application: every action should be logged and monitored. Run an audit trail with integrity controls to prevent tampering or deletion.
Information Disclosure:
Information disclosure generally occurs when an attacker accesses and views unauthorized confidential and sensitive information in the application or system due to improper implementation of the access controls. Sensitive information could be client or customer private data, employees' information, organization data and files, system information revealed in the form of error messages, and much more.
If an attacker publicly discloses the confidential data at large, there will be an immediate loss of confidence and a substantial period of reputation loss. To defend against this threat, a strong access control mechanism must be included throughout the application and the principle of least privilege applied.
Denial of Service:
A Denial of Service attack occurs when the attacker restricts the application or system from performing the task or service it was intended for, making it inaccessible to the users. This attack can be performed by sending multiple overloaded requests to the application, which eventually slows down the system operations due to huge traffic until it finally crashes.
Although attackers will not gain financial benefits or any access to confidential data with this attack, it will be a great loss in money and reputation for the organization if its business comes to rest due to a DoS attack.
To mitigate this attack, monitor and analyze the network traffic by using firewall protection or an intrusion detection system and strengthen the security posture of the organization.
Elevation of Privilege:
An Elevation of Privilege attack occurs when an attacker exploits a design flaw, bug, or configuration error in an operating system or application to gain unauthorized elevated access to resources that are usually restricted from an application or user.
This vulnerability generally occurs when there is a failure to follow the principle of least privilege, insufficient security controls, or users with more privileges than they are actually authorized for. Attackers can also perform the attack by exploiting software vulnerabilities or by using specific techniques to control an application's permission mechanism.
The recommendation to prevent this attack is to implement a least privilege policy, enforce secure password management and follow secure coding practices.
Conclusion:
Security is generally an overlooked aspect in application development, taken as the least priority. But in today's world, applications are facing more regular cyber threats of data insecurity. So, implement the STRIDE methodology, which is the best method of the Threat Modeling procedure, to test the application before and even after it is designed and deployed.