S : Spoofing
T : Tampering
R : Repudiation
I : Information Disclosure
D : Denial of Service (DoS)
E : Elevation of Privilege
STRIDE was developed by Loren Kohnfelder and Praerit Garg in 1999 to identify potential vulnerabilities and threats to your products.
Letter | Type of Threat | Violation | How |
---|---|---|---|
S | Spoofing | Authentication | Impersonating something or someone known and trusted |
T | Tampering | Integrity | Modifying data on disk, in memory, on the network, etc. |
R | Repudiation | Non-repudiation | Claiming to not be responsible for an action |
I | Information Disclosure | Confidentiality | Providing information to someone who is not authorised |
D | Denial of Service (DoS) | Availability | Denying or obstructing access to resources required to provide service |
E | Elevation of Privilege | Authorization | Allowing access to someone without proper authorization |