
Threat modeling (STRIDE, DREAD) in Cybersecurity - Cheat Sheet & Quick Revision

Recall & Review
beginner
What does the STRIDE acronym stand for in threat modeling?

STRIDE stands for:

  • Spoofing - pretending to be someone else
  • Tampering - modifying data or code
  • Repudiation - denying an action or transaction
  • Information Disclosure - exposing information to unauthorized parties
  • Denial of Service - making a service unavailable
  • Elevation of Privilege - gaining higher access than allowed
beginner
What is the main purpose of threat modeling in cybersecurity?

Threat modeling helps identify, understand, and prioritize potential security threats to a system before they happen. It guides teams to design safer systems by thinking like attackers.

intermediate
How does the DREAD model help in threat assessment?

DREAD scores threats based on five factors:

  • Damage potential - How bad is the damage?
  • Reproducibility - How easy is it to repeat the attack?
  • Exploitability - How easy is it to launch the attack?
  • Affected users - How many users are impacted?
  • Discoverability - How easy is it to find the vulnerability?

This helps prioritize which threats to fix first.

beginner
Give a real-life example of a Spoofing threat from STRIDE.

Example: Someone pretending to be a trusted friend by using their email address to send fake messages. This tricks the receiver into trusting the message and possibly sharing sensitive info.

beginner
Why is Denial of Service (DoS) considered a serious threat in STRIDE?

DoS attacks make a service or website unavailable by overwhelming it with traffic or requests. This can stop users from accessing important services, causing disruption and loss.

Which STRIDE category involves pretending to be someone else?
A. Repudiation
B. Tampering
C. Spoofing
D. Elevation of Privilege

In DREAD, what does 'Exploitability' measure?
A. How many users are affected
B. How easy it is to launch the attack
C. How bad the damage is
D. How easy it is to find the vulnerability

Which STRIDE threat involves unauthorized changes to data?
A. Tampering
B. Information Disclosure
C. Denial of Service
D. Repudiation

What is the main goal of threat modeling?
A. To create software faster
B. To design user interfaces
C. To test software performance
D. To identify and prioritize security risks

Which DREAD factor considers how many users are impacted by a threat?
A. Affected users
B. Reproducibility
C. Damage potential
D. Discoverability

Explain the STRIDE model and give a simple example for two of its categories.
Think about how attackers might pretend to be someone or block access to a service.
Describe how the DREAD model helps prioritize security threats.
Consider what makes some threats more urgent than others.