
Threat Modelling

STRIDE threat modelling sorts threats into six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Threat modelling systematically identifies threats before building — far cheaper than fixing post-breach.

# STRIDE threat model
# S -- Spoofing:               impersonating a user or service
# T -- Tampering:              modifying data without authorisation
# R -- Repudiation:            denying an action occurred
# I -- Info Disclosure:        exposing private data
# D -- Denial of Service:      making service unavailable
# E -- Elevation of Privilege: gaining unauthorised access

# STRIDE applied to login endpoint
POST /api/login
  Spoofing:    attacker brute-forces credentials
  Tampering:   modify JWT in transit (man-in-the-middle)
  Repudiation: no audit log of login attempts
  Info Disc:   detailed error reveals valid usernames
  DoS:         no rate limiting, flood with requests
  Elevation:   SQL injection bypasses auth check

# PASTA (Process for Attack Simulation and Threat Analysis)
# DREAD scoring: Damage, Reproducibility, Exploitability,
#                Affected users, Discoverability
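
The login-endpoint table above can be kept as a small threat register that is checked for STRIDE coverage and ranked by DREAD. This is an added example, not code from the original tutorial: the class and function names are hypothetical, the DREAD ratings are constructed sample values, and the 1-10 scale averaged over the five factors is an assumed convention.

```python
from dataclasses import dataclass
from enum import Enum

class Stride(Enum):
    SPOOFING = "Spoofing"
    TAMPERING = "Tampering"
    REPUDIATION = "Repudiation"
    INFO_DISCLOSURE = "Information Disclosure"
    DENIAL_OF_SERVICE = "Denial of Service"
    ELEVATION = "Elevation of Privilege"

@dataclass(frozen=True)
class Threat:
    category: Stride
    description: str
    # (Damage, Reproducibility, Exploitability, Affected users, Discoverability)
    dread: tuple

    def score(self) -> float:
        # Assumption: each DREAD factor is rated 1-10 and the score is the mean.
        if len(self.dread) != 5 or not all(1 <= r <= 10 for r in self.dread):
            raise ValueError(f"DREAD needs five ratings in 1..10: {self.dread}")
        return sum(self.dread) / 5

# Threats from the POST /api/login table; ratings are constructed sample values.
LOGIN_THREATS = [
    Threat(Stride.SPOOFING, "attacker brute-forces credentials", (7, 9, 6, 5, 8)),
    Threat(Stride.TAMPERING, "modify JWT in transit (man-in-the-middle)", (8, 4, 4, 6, 4)),
    Threat(Stride.REPUDIATION, "no audit log of login attempts", (5, 10, 3, 8, 4)),
    Threat(Stride.INFO_DISCLOSURE, "detailed error reveals valid usernames", (4, 10, 8, 7, 9)),
    Threat(Stride.DENIAL_OF_SERVICE, "no rate limiting, flood with requests", (6, 9, 8, 10, 7)),
    Threat(Stride.ELEVATION, "SQL injection bypasses auth check", (10, 8, 7, 10, 6)),
]

def missing_categories(threats):
    """STRIDE categories with no recorded threat: a gap in the model, not proof of safety."""
    covered = {t.category for t in threats}
    return [c for c in Stride if c not in covered]

def ranked(threats):
    """Highest DREAD score first, so mitigation work starts with the worst threat."""
    return sorted(threats, key=lambda t: t.score(), reverse=True)

if __name__ == "__main__":
    for t in ranked(LOGIN_THREATS):
        print(f"{t.score():4.1f}  {t.category.value:<24} {t.description}")
    print("uncovered:", [c.value for c in missing_categories(LOGIN_THREATS)])
```

An empty `uncovered` list only means every category was considered for this endpoint; a category left out during a review shows up there as a prompt to revisit it.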
Topic Quiz · 1 question

Test your understanding before moving on

1. What does STRIDE stand for in threat modelling?
💡 STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.