S - Spoofing - identity theft, pretending to be someone else

T - Tampering - changing data, permissions, system access, etc.

R - Repudiation - injecting data that is not valid for the service. To protect against it, use schema validation, for instance.

I - Information disclosure - capturing some part of the system and listening to requests; for instance, a hacker subscribes to an events service that sends confidential data to all subscribers. To protect against it, we can implement a zero trust model, meaning that each part of the system (e.g. a microservice) only trusts verified users/services with valid tokens, etc.

D - Denial of service - flooding the service with lots of requests, so that the system is unable to fulfill them, leading to delays/failures in responses

E - Escalation of privilege - performing actions that the currently authenticated user does not have permission to perform
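
The zero trust protection described under Information disclosure, as an added example that is not part of the original notes: an events service that checks a signed token before registering any subscriber. The HMAC token format, the `events:<topic>` scope naming, and all function and class names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"demo-key-not-for-production"  # constructed; load from a secret store in practice

def issue_token(subject, scopes, ttl=300, key=SIGNING_KEY):
    # Issuer side: sign the claims so every service can verify them itself.
    claims = {"sub": subject, "scopes": scopes, "exp": time.time() + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_token(token, key=SIGNING_KEY):
    # Return the claims only if the signature matches and the token is unexpired.
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None
    return claims if claims.get("exp", 0) > time.time() else None

class EventService:
    # Hypothetical events service: a topic is delivered only to verified subscribers.
    def __init__(self):
        self.subscribers = {}  # topic -> [(subject, callback)]
    def subscribe(self, topic, token, callback):
        claims = verify_token(token)
        if claims is None or f"events:{topic}" not in claims.get("scopes", []):
            return False  # unverified or out of scope: never registered
        self.subscribers.setdefault(topic, []).append((claims["sub"], callback))
        return True

    def publish(self, topic, event):
        for _, callback in self.subscribers.get(topic, []):
            callback(event)

def demo():
    svc, billing, rogue = EventService(), [], []
    good = issue_token("billing-service", ["events:payments"])
    wrong_scope = issue_token("reports-service", ["events:metrics"])
    accepted = [svc.subscribe("payments", good, billing.append),
                svc.subscribe("payments", good + "0", rogue.append),  # altered signature
                svc.subscribe("payments", wrong_scope, rogue.append)]
    svc.publish("payments", {"card": "constructed-sample"})
    return accepted, billing, rogue

if __name__ == "__main__":
    print(demo())
```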