Monday, April 04, 2005
Secure Code
1. Determine the threats to the system
STRIDE:
- Spoofing Identity
*** An attacker poses as another user, or a rogue server poses as a valid server
- Tampering with data
*** malicious modification of data
- Repudiation
*** A user denies having performed an action, and other parties have no way to prove otherwise.
*** For example, a receipt for a deal provides non-repudiation.
- Information disclosure
*** exposure of information to individuals who are not supposed to have access to it
- Denial of service
*** deny service to valid users
- Elevation of privilege
*** an unprivileged user gains privileged access