Quiz Entry - updated: 2026.07.14
What does STRIDE stand for and what security property does each threat category threaten?
Spoofing↔Authentication, Tampering↔Integrity, Repudiation↔Non-repudiation, Information disclosure↔Confidentiality, Denial of service↔Availability, Elevation of privilege↔Authorization.
STRIDE Threat-to-Property Mapping:
| Threat | Security Property Violated |
|---|---|
| Spoofing | Authentication |
| Tampering | Integrity |
| Repudiation | Non-repudiation |
| Information Disclosure | Confidentiality |
| Denial of Service | Availability |
| Elevation of Privilege | Authorization |
Usage: Use STRIDE to systematically step through diagram elements (processes, data stores, data flows, trust boundaries) and identify potential threats.
Tip: Think of the CIA triad + Authentication + Authorization + Non-repudiation — STRIDE covers all six security properties.
Go deeper:
STRIDE model (Wikipedia) — each letter mapped to its security property; credits Garg & Kohnfelder.
OWASP Threat Modeling Process — STRIDE — the six categories with matching controls.