STRIDE is a threat modeling framework where 'T' stands for:
STRIDE = Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege — a Microsoft framework for categorising security threats.
Attack surface includes all externally accessible interfaces, services, APIs, network ports, and code paths — reducing attack surface is a key security principle.
What does 'defence in depth' mean in security architecture?
Defence in depth uses multiple security layers (perimeter, network, host, application, data) — an attacker must breach all layers, making compromise significantly harder.
In STRIDE, 'Elevation of Privilege' means:
EoP threats involve attackers gaining unauthorised access: a low-privilege user exploiting a bug to gain admin rights, or a web app user accessing another user's data.