secure-software-engineering/Exercise/Writeup/lab03.md

# Lab 3

## Stride examples

| DFD-Element | Concern | Example | Likelihood | Impact | 
| -- | -- | -- | -- | -- |
| User | Spoofing | Send a chat message in the name of another user | Possible | Moderate |
| User | Spoofing | Stolen credentials might be used to login | Unlikely | Severe |
| User Login | Tampering | Modify HTTP login header | Very Likely | Severe |
| Login | Denial of Service | Flood server with login requests | Unlikely | Minor |
| Login | Spoofing | Domain spoofing to impersonate server | Very Unlikely | Severe |
| Login | Tampering | Tamper the credentials of the user | Unlikely | Significant |
| Database | Information Disclosure | SQL Injection | Likely | Severe |

Notes:
- At this point in modeling we have to assume, we have no security features.
- Modifying HTTP headers thus results in a risk treatment that we require secure connections
Update markdown files 2022-06-07 10:19:10 +02:00			`# Lab 3`

			`## Stride examples`

Risk Analysis 2022-06-07 10:53:48 +02:00			`\| DFD-Element \| Concern \| Example \| Likelihood \| Impact \|`
			`\| -- \| -- \| -- \| -- \| -- \|`
			`\| User \| Spoofing \| Send a chat message in the name of another user \| Possible \| Moderate \|`
			`\| User \| Spoofing \| Stolen credentials might be used to login \| Unlikely \| Severe \|`
			`\| User Login \| Tampering \| Modify HTTP login header \| Very Likely \| Severe \|`
			`\| Login \| Denial of Service \| Flood server with login requests \| Unlikely \| Minor \|`
			`\| Login \| Spoofing \| Domain spoofing to impersonate server \| Very Unlikely \| Severe \|`
			`\| Login \| Tampering \| Tamper the credentials of the user \| Unlikely \| Significant \|`
			`\| Database \| Information Disclosure \| SQL Injection \| Likely \| Severe \|`

			`Notes:`
			`- At this point in modeling we have to assume, we have no security features.`
			`- Modifying HTTP headers thus results in a risk treatment that we require secure connections`