STRIDE/DREAD Threat Modeling
STRIDE/DREAD Threat Modeling is a Microsoft-developed methodology for systematically identifying and prioritizing security threats in software systems. STRIDE enumerates threat categories (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), and DREAD scores threats by Damage, Reproducibility, Exploitability, Affected Users, and Discoverability.
Rekodi ya chanzo
Nukuu zimehamishwa kwa uhalisi kutoka kwa rekodi ya chanzo cha mbinu. Hakuna uthibitisho wa kiwango cha dai unaodokezwa kutoka kwao.
- Shostack, A. (2008). Threat Modeling: Designing for Security. Microsoft Press. · ISBN 0735619913
- Howard, M., & Lipner, S. (2006). The Security Development Lifecycle. Microsoft Press. · ISBN 0735622140
- Schoenfield, B. (2015). Securing the Internet of Things. Apress. · ISBN 1430268271
Madai yaliyotunzwa
Madai yamehifadhiwa katika daftari la ushahidi, kila moja ikiwa na tathmini yake.
Mwonekano huu haubuni tathmini ya dai wakati daftari haina yoyote.
Mbinu zinazohusiana
Zilizotengenezwa kutoka kwa grafu ya mbinu na kuonyeshwa kama uhusiano uliopendekezwa na mashine — hakuna dai la ushahidi linalodokezwa.
Grafu ya uhusiano iliyotengenezwa haina uhusiano wowote unaotoka kwa mbinu hii.