What is STRIDE in threat modeling?
D4 · Operations · CompTIA Security+ SY0-701

STRIDE is a threat classification model developed by Microsoft to categorize security threats during the design phase:

| Letter | Threat | Violated Property |
|---|---|---|
| S | Spoofing | Authentication |
| T | Tampering | Integrity |
| R | Repudiation | Non-repudiation |
| I | Information Disclosure | Confidentiality |
| D | Denial of Service | Availability |
| E | Elevation of Privilege | Authorization |

Memorize STRIDE and its corresponding security properties; this is high-yield exam content. Each STRIDE threat has specific countermeasures: Spoofing → strong authentication, Tampering → integrity controls/HMAC, Repudiation → audit logging, Info Disclosure → encryption, DoS → rate limiting/redundancy, EoP → least privilege/access control.