Penguin Fortress YouTube Channel

Security Threat Modelling / Analysis using STRIDE and the Microsoft Threat Analysis Tool

The video below provides an introduction to the theory behind threat modelling and analysis using the STRIDE categorization scheme. It provides a way to identify threats to software you are developing yourself as well as to off-the-shelf software products.

Transcript: Security Threat Modelling / Analysis using STRIDE and the Microsoft Threat Analysis Tool - Video Transcript

This is one of the things you need to know if you are planning to work towards CISSP cybersecurity certification.

The video talks about the theory of creating a data flow diagram, and how the analysis is then applied. In the future I plan to create another video with a practical example of how to apply STRIDE analysis to an open source software project.

The 6 threat categories of STRIDE are:

  • Spoofing - imitating someone or something else to gain access to a system or higher privilege
  • Tampering - unauthorized changes to data or configuration
  • Repudiation - denying having performed an action; the defence is identifying who has done what on the system
  • Information Disclosure - unauthorized access to information that is confidential or secret
  • Denial of Service (DoS) - preventing access to a service
  • Elevation of privilege - increasing the level of privilege after logging in as a less privileged user

More information

Please subscribe to Penguin Fortress on YouTube for future videos.

For more details about security see the following guides:

  • Previous: CIA Triad
  • Next: Example STRIDE Analysis