# STRIDE

# Acronyms, Abbreviations, and Initialisms

| Short Form | Full Form |
|---|---|
| SDLC | Software Development Lifecycle |
| STRIDE | Spoofing, Tampering, Repudiation, Information Disclosure, Denial-of-Service, and Elevation of Privilege |

# Overview

STRIDE is an acronym that describes six categories of threats to software.

# Categories

The STRIDE acronym stands for:

  • Spoofing
  • Tampering
  • Repudiation
  • Information disclosure
  • Denial-of-service
  • Elevation of privilege

Spoofing is using someone else's credentials to gain access to otherwise inaccessible assets.

Tampering is changing data to mount an attack.

Repudiation occurs when a user denies performing an action, but the target of the action has no way to prove otherwise.

Information disclosure threats involve exposing information to a user who does not have permission to see it.

Denial-of-service attacks threaten the ability of valid users to access resources. The resources could be disk space, network connections, or a physical device. Attacks that slow performance to unacceptable levels are also considered denial-of-service attacks.

An elevation-of-privilege attack can occur if an unprivileged user gains privileged status.

# Noteworthy

  • STRIDE contains six categories.
  • STRIDE stands for spoofing, tampering, repudiation, information disclosure, denial-of-service, and elevation of privilege.

# Sources