Risk Analysis

This commit is contained in:
Michael Chen 2022-06-07 10:53:48 +02:00
parent ddcab494fc
commit a6ee250635
No known key found for this signature in database
GPG Key ID: 1CBC7AA5671437BB

View File

@ -2,11 +2,16 @@
## Stride examples ## Stride examples
| DFD-Element | Concern | Example | | DFD-Element | Concern | Example | Likelihood | Impact |
| -- | -- | -- | | -- | -- | -- | -- | -- |
| User | Spoofing | Send a chat message in the name of another user | | User | Spoofing | Send a chat message in the name of another user | Possible | Moderate |
| User | Spoofing | Stolen credentials might be used to login | | User | Spoofing | Stolen credentials might be used to login | Unlikely | Severe |
| User Login | Tampering | Modify HTTP login header | | User Login | Tampering | Modify HTTP login header | Very Likely | Severe |
| Login | Denial of Service | Flood server with login requests | | Login | Denial of Service | Flood server with login requests | Unlikely | Minor |
| Login | Spoofing | Domain spoofing to impersonate server | | Login | Spoofing | Domain spoofing to impersonate server | Very Unlikely | Severe |
| Database | Information Disclosure | SQL Injection | | Login | Tampering | Tamper the credentials of the user | Unlikely | Significant |
| Database | Information Disclosure | SQL Injection | Likely | Severe |
Notes:
- At this point in modeling we have to assume, we have no security features.
- Modifying HTTP headers thus results in a risk treatment that we require secure connections