LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Which STRIDE threats apply to each DFD element type?

Processes get all six; external entities get S+R; data stores and data flows get T+I+D.

Element S T R I D E
External Entity
Process
Data Store ?
Data Flow

How to remember:

  • Processes = ALL threats (they execute code, handle data, have identity)
  • External Entities = S + R (can be impersonated, can deny actions)
  • Data Stores = T + I + D (can be modified, leaked, deleted)
  • Data Flows = T + I + D (can be intercepted, modified, blocked)

Note: Data Stores marked "?" for Repudiation - only applies if they have logging.

Tip: When threat modeling, walk through each DFD element and check applicable STRIDE threats.

Go deeper:

From Quiz: SPRG / Mitigation and Risk Analysis | Updated: Jul 14, 2026