Lab 3
STRIDE examples
DFD-Element | Concern | Example | Likelihood | Impact |
---|---|---|---|---|
User | Spoofing | Send a chat message in the name of another user | Possible | Moderate |
User | Spoofing | Stolen credentials might be used to log in | Unlikely | Severe |
User Login | Tampering | Modify HTTP login header | Very Likely | Severe |
Login | Denial of Service | Flood server with login requests | Unlikely | Minor |
Login | Spoofing | Domain spoofing to impersonate server | Very Unlikely | Severe |
Login | Tampering | Tamper with the credentials of the user | Unlikely | Significant |
Database | Information Disclosure | SQL Injection | Likely | Severe |
Notes:
- At this point in the modeling, we have to assume that we have no security features.
- The risk of modified HTTP headers thus results in a risk treatment: we require secure connections.