Six security threats of STRIDE Method

Overview: 

This document describes the STRIDE methodology, a systematic process that organizations use to find security threats and prevent them in order to build a secure application or system.

The main goal of this methodology is that the application is maintained so that it meets the security properties of Confidentiality, Integrity, and Availability (CIA).

What is STRIDE Methodology?

STRIDE is a threat modeling methodology used to identify security threats in applications and systems. Organizations use it as a classification scheme that characterizes known threats according to the kind of exploit used (or the attacker's motivation).

STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege.

The STRIDE methodology was developed by two engineers, Praerit Garg and Loren Kohnfelder, at Microsoft in the late 1990s.

This methodology is applied as part of the threat modeling procedure. Cyber security professionals perform threat modeling step by step: first identifying assets, then creating an architectural overview of the application that includes trust boundaries, subsystems and data flows, and finally identifying the threats using the STRIDE methodology.

Before proceeding with the STRIDE categories, let us first look at what threat modeling is.

What is Threat Modeling?

Threat modeling is a systematic, step-by-step procedure to identify security threats, requirements and vulnerabilities, measure the severity of their impact, and finally prioritize remediation methods that prevent or mitigate the effects.

This technique can be applied to a broad range of targets, including applications, networks, systems, devices, and business processes.

For more details about the different stages of threat modeling, see the related article "Threat Modeling Procedure in Application Security".

Different Threat Categories of STRIDE Methodology: 

It is an acronym for a set of six security threats, which are as follows:

  1. Spoofing
  2. Tampering
  3. Repudiation
  4. Information Disclosure
  5. Denial of Service (DoS)
  6. Elevation of Privilege
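The procedure described above (model the assets, trust boundaries and data flows, then apply STRIDE) can be driven by a small script. The following is an added example, not code from the original article; it uses the STRIDE-per-element mapping published in the Microsoft SDL (an assumption, since the page does not show that table) and a constructed three-element model.

```python
from dataclasses import dataclass

# STRIDE-per-element mapping as published in the Microsoft SDL (assumption:
# this table is not shown on the page). Letters are the STRIDE initials.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",   # R applies to stores that hold audit logs
    "data_flow": "TID",
}
THREAT_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

@dataclass
class Element:
    name: str
    kind: str   # key of STRIDE_PER_ELEMENT (not "data_flow")
    zone: str   # trust zone; a flow between zones crosses a trust boundary

@dataclass
class Flow:
    name: str
    src: Element
    dst: Element

def enumerate_threats(elements, flows):
    """Return (target, category, crosses_boundary) triples for the model."""
    threats = []
    for e in elements:
        for letter in STRIDE_PER_ELEMENT[e.kind]:
            threats.append((e.name, THREAT_NAMES[letter], False))
    for f in flows:
        crosses = f.src.zone != f.dst.zone
        for letter in STRIDE_PER_ELEMENT["data_flow"]:
            threats.append((f.name, THREAT_NAMES[letter], crosses))
    return threats

# Constructed sample model: browser on the internet, web app in a DMZ, DB inside.
browser = Element("Browser", "external_entity", "internet")
webapp = Element("Web App", "process", "dmz")
db = Element("Customer DB", "data_store", "internal")
SAMPLE_ELEMENTS = [browser, webapp, db]
SAMPLE_FLOWS = [Flow("HTTP request", browser, webapp), Flow("SQL query", webapp, db)]

def boundary_crossing_threats(elements=SAMPLE_ELEMENTS, flows=SAMPLE_FLOWS):
    """Threats on flows that cross a trust boundary: review these first."""
    return [(t, c) for t, c, crosses in enumerate_threats(elements, flows) if crosses]
```

Each returned triple is a candidate threat to be rated and mitigated; the flows that cross a trust boundary are the ones the procedure above reviews first.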

Spoofing:

Spoofing is a malicious method in which an attacker impersonates a trusted user in order to gain unauthorized access to sensitive information in the application's database. In this attack the legitimate user has no indication that the application is being used with their credentials, and no alert is raised for the administrator, because the attacker logged in with valid credentials.

Spoofing attacks can be performed in different ways, such as through websites, phone calls, emails, text messages, servers and IP addresses. This attack is the easiest to perform and the hardest to track.

To prevent this attack, apply packet filtering, use encrypted and authenticated secure communication protocols, and authenticate users and systems by their IP addresses when devices are on the network.

Tampering: 

Tampering is the process of altering or manipulating data in the application or system. Threat actors can potentially change data delivered to them, send it back, and thereby manipulate client-side validation, GET and POST results, cookies, HTTP headers, and so forth.

This attack can be mitigated by performing frequent backups of the application's data. The application should also carefully check data received from the user and validate that it is sane and applicable before storing or using it.
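Cookies are one of the client-supplied values named above, and a server cannot trust that they came back unchanged. The following added example (not code from the original article) shows one way to check that: the server signs the cookie value with an HMAC and rejects any value whose signature no longer matches. The key and cookie contents are constructed for the example.

```python
import base64
import hashlib
import hmac

# Constructed server-side secret; in practice load it from a secrets store.
SERVER_KEY = b"example-key-do-not-use"

def sign_cookie(payload: str, key: bytes = SERVER_KEY) -> str:
    """Return 'payload.signature' so the server can detect client-side edits."""
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return payload + "." + base64.urlsafe_b64encode(tag).decode().rstrip("=")

def verify_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the payload if its signature is valid, otherwise None.

    The signature is base64url (no '.'), so rpartition splits correctly even
    when the payload itself contains dots.
    """
    payload, sep, sig = cookie.rpartition(".")
    if not sep:
        return None   # unsigned value: treat as tampered
    expected = sign_cookie(payload, key).rpartition(".")[2]
    # Constant-time comparison avoids leaking which byte of the tag differed.
    if not hmac.compare_digest(expected, sig):
        return None
    return payload

if __name__ == "__main__":
    cookie = sign_cookie("user=alice;role=user")
    print(verify_cookie(cookie))                                    # accepted
    print(verify_cookie(cookie.replace("role=user", "role=admin")))  # None
```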

Repudiation: 

Repudiation occurs when an attacker denies or disputes the claims against them of having performed a malicious action in the application or system. An attacker can exploit this threat if the application fails to log actions and events properly, or if unauthorized modification of the logs is possible.

To prevent this threat, non-repudiation controls should be implemented in the application: every action should be logged and monitored, and the audit trail should be protected with integrity controls that prevent tampering or deletion.
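One integrity control for the audit trail just described is a MAC-chained log: each entry's tag covers the previous entry's tag, so editing, removing or reordering an entry breaks the chain. This is an added example, not code from the original article; the key and the logged actions are constructed.

```python
import hashlib
import hmac
import json

# Constructed key held only by the log server; writers of entries never see it,
# so they cannot re-sign a modified entry after the fact.
AUDIT_KEY = b"example-audit-key"
GENESIS = "0" * 64   # "previous MAC" for the first entry

def append_entry(chain, actor, action, key=AUDIT_KEY):
    """Append an entry whose MAC covers seq, actor, action and the previous MAC."""
    prev = chain[-1]["mac"] if chain else GENESIS
    body = {"seq": len(chain), "actor": actor, "action": action, "prev": prev}
    msg = json.dumps(body, sort_keys=True).encode()
    body["mac"] = hmac.new(key, msg, hashlib.sha256).hexdigest()
    chain.append(body)
    return body

def verify_chain(chain, key=AUDIT_KEY):
    """Return the index of the first bad entry, or -1 if the trail is intact.

    Detects modified entries (MAC mismatch), deleted or reordered entries
    (sequence gap or wrong previous MAC) and truncation inside the chain.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if body.get("seq") != i or body.get("prev") != prev:
            return i
        msg = json.dumps(body, sort_keys=True).encode()
        tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, entry.get("mac", "")):
            return i
        prev = entry["mac"]
    return -1
```

Deleting the newest entry is not caught by the chain alone; anchoring the latest MAC elsewhere (for example in a periodic log-shipping receipt) closes that gap.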

Information Disclosure: 

Information disclosure generally occurs when an attacker accesses and views confidential and sensitive information in the application or system without authorization, due to improper implementation of access controls. Sensitive information includes client or customer private data, employee information, organization data and files, system information revealed in error messages, and much more.

If an attacker publicly discloses the confidential data at large, there will be an immediate loss of confidence and a substantial period of reputational damage. To defend against this threat, a strong access control mechanism must be applied throughout the application, together with the principle of least privilege.

Denial of Service (DoS): 

A Denial of Service attack occurs when the attacker prevents the application or system from performing the task or service it was intended for, making it inaccessible to users. This attack can be performed by flooding the application with requests, which slows down system operations under the huge traffic volume and finally causes it to crash.

Although the attacker gains no financial benefit or access to confidential data with this attack, it causes a great loss of money and reputation for the organization if its business comes to a halt because of the DoS attack.

To mitigate this attack, monitor and analyze network traffic using a firewall or an intrusion detection system, and strengthen the organization's overall security posture.

Elevation of Privilege: 

An Elevation of Privilege attack occurs when an attacker exploits a design flaw, bug, or configuration error in an operating system or application to gain unauthorized elevated access to resources that are normally restricted from that application or user.

This vulnerability generally arises from a failure to follow the principle of least privilege, insufficient security controls, and users holding more privileges than they are actually authorized to have. Attackers can also exploit software vulnerabilities, or use specific techniques against an application's permission mechanism, to carry out the attack.

The recommendation to prevent this attack is to implement a least privilege policy, enforce secure password management and follow secure coding practices.

Conclusion: 

Security is generally an overlooked aspect of application development and is treated as the lowest priority. But in today's world, applications face regular cyber threats to their data. Implementing the STRIDE methodology, the best method of the threat modeling procedure, lets you test the application before and even after it is designed and deployed.

Found this article interesting? Follow DefenseLead on Twitter, Facebook and LinkedIn to read more exclusive content.
