STRIDE (Threat Identification)
| Threat | Desired property |
|---|---|
| Spoofing | Authenticity |
| Tampering | Integrity |
| Repudiation | Non-repudiability (Accountability) |
| Information disclosure | Confidentiality |
| Denial of Service | Availability |
| Elevation of Privilege | Authorization |
DREAD (Threat Assessment)
| Rating Category | Explanation |
|---|---|
| Damage | how bad would an attack be? |
| Reproducibility | how easy is it to reproduce the attack? |
| Exploitability | how much work is it to launch the attack? |
| Affected Users | how many people will be impacted? |
| Discoverability | how easy is it to discover the threat? |