Cyber Security Academy · Lesson

The STRIDE Framework

Spoofing, Tampering, Repudiation and more.

What STRIDE Is

STRIDE is a threat categorization framework developed at Microsoft. It gives you six categories of threats so you can systematically ask 'what could go wrong?' for each component of a system.

STRIDE is a mnemonic for the six threat types:

Spoofing
Tampering
Repudiation
Information disclosure
Denial of service
Elevation of privilege

STRIDE Mirrors Security Properties

Each STRIDE category is the violation of a desirable security property. This pairing helps you remember what each threat attacks:

Threat                  Violates property
----------------------  --------------------
Spoofing                Authentication
Tampering               Integrity
Repudiation             Non-repudiation
Information disclosure  Confidentiality
Denial of service       Availability
Elevation of privilege  Authorization

All lessons in this course

Why Threat Modeling Matters
The STRIDE Framework
Data Flow Diagrams and Trust Boundaries
Attack Trees and Prioritizing Risk

← Back to Cyber Security Academy