From a6ee2506350833adf4e02b891d673134aa408daa Mon Sep 17 00:00:00 2001 From: Michael Chen Date: Tue, 7 Jun 2022 10:53:48 +0200 Subject: [PATCH] Risk Analysis --- Exercise/Writeup/lab03.md | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/Exercise/Writeup/lab03.md b/Exercise/Writeup/lab03.md index 1795d94..fda291a 100644 --- a/Exercise/Writeup/lab03.md +++ b/Exercise/Writeup/lab03.md @@ -2,11 +2,16 @@ ## Stride examples -| DFD-Element | Concern | Example | -| -- | -- | -- | -| User | Spoofing | Send a chat message in the name of another user | -| User | Spoofing | Stolen credentials might be used to login | -| User Login | Tampering | Modify HTTP login header | -| Login | Denial of Service | Flood server with login requests | -| Login | Spoofing | Domain spoofing to impersonate server | -| Database | Information Disclosure | SQL Injection | \ No newline at end of file +| DFD-Element | Concern | Example | Likelihood | Impact | +| -- | -- | -- | -- | -- | +| User | Spoofing | Send a chat message in the name of another user | Possible | Moderate | +| User | Spoofing | Stolen credentials might be used to login | Unlikely | Severe | +| User Login | Tampering | Modify HTTP login header | Very Likely | Severe | +| Login | Denial of Service | Flood server with login requests | Unlikely | Minor | +| Login | Spoofing | Domain spoofing to impersonate server | Very Unlikely | Severe | +| Login | Tampering | Tamper the credentials of the user | Unlikely | Significant | +| Database | Information Disclosure | SQL Injection | Likely | Severe | + +Notes: +- At this point in modeling we have to assume, we have no security features. +- Modifying HTTP headers thus results in a risk treatment that we require secure connections
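Review bot: the new Likelihood and Impact columns use labels that are never defined in the write-up (Very Unlikely, Unlikely, Possible, Likely, Very Likely; Minor, Moderate, Significant, Severe), so a reader cannot tell how the scales are ordered or how a rating was reached. Add a short legend next to the table that states each scale from lowest to highest. The ratings also need to be reconciled with the first note: under "we have no security features", the rows "Flood server with login requests" and "Tamper the credentials of the user" are rated Unlikely, while "Modify HTTP login header" on the same login flow is Very Likely. Either align these ratings or give the reasoning for each row. The second note would be clearer if it named the treatment directly, i.e. that the header-tampering risk is treated by requiring secure connections. The DFD-Element column should also use a single name rather than both "User Login" and "Login".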