Risk Analysis
This commit is contained in:
parent
ddcab494fc
commit
a6ee250635
@ -2,11 +2,16 @@
|
|||||||
|
|
||||||
## Stride examples
|
## Stride examples
|
||||||
|
|
||||||
| DFD-Element | Concern | Example |
|
| DFD-Element | Concern | Example | Likelihood | Impact |
|
||||||
| -- | -- | -- |
|
| -- | -- | -- | -- | -- |
|
||||||
| User | Spoofing | Send a chat message in the name of another user |
|
| User | Spoofing | Send a chat message in the name of another user | Possible | Moderate |
|
||||||
| User | Spoofing | Stolen credentials might be used to login |
|
| User | Spoofing | Stolen credentials might be used to login | Unlikely | Severe |
|
||||||
| User Login | Tampering | Modify HTTP login header |
|
| User Login | Tampering | Modify HTTP login header | Very Likely | Severe |
|
||||||
| Login | Denial of Service | Flood server with login requests |
|
| Login | Denial of Service | Flood server with login requests | Unlikely | Minor |
|
||||||
| Login | Spoofing | Domain spoofing to impersonate server |
|
| Login | Spoofing | Domain spoofing to impersonate server | Very Unlikely | Severe |
|
||||||
| Database | Information Disclosure | SQL Injection |
|
| Login | Tampering | Tamper the credentials of the user | Unlikely | Significant |
|
||||||
|
| Database | Information Disclosure | SQL Injection | Likely | Severe |
|
||||||
|
|
||||||
|
Notes:
|
||||||
|
- At this point in modeling we have to assume, we have no security features.
|
||||||
|
- Modifying HTTP headers thus results in a risk treatment that we require secure connections
|
||||||
|
Loading…
Reference in New Issue
Block a user