# Threat Modeling ### What is STRIDE? - Spoofing : using someone else's credentials to gain access to otherwise inaccessible assets - Tampering : Changing data to mount an attack - Repudiation : Occurs when a user denies performing an action, but the target of the action has no way to prove otherwise - Information Disclosure : disclosure of information to a user who does not have permission to see it - Denial of Service : Reducing the ability of valid users to access resources - Elevation of Privilege : occurs when an unprivileged user gains privileged status. ### What is DREAD? ### Threat Modeling excersise examples 1. Instant messaging system 2. Password storage system 3. Ecommerce store 4. Given an application where a client wants to look up a service from service discovery provider.