Identify
-
Potential threat
-
Potential occurrence
-
Concern Priority
-
Means to eradicate or mitigate threat
Categorized
Analyze
- Spoofing : using someone else's credentials to gain access to otherwise inaccessible assets
- Tampering : Changing data to mount an attack
- Repudiation : Occurs when a user denies performing an action, but the target of the action has no way to prove otherwise
- Information Disclosure : disclosure of information to a user who does not have permission to see it
- Denial of Service : Reducing the ability of valid users to access resources
- Elevation of Privilege : occurs when an unprivileged user gains privileged status.
- Instant messaging system
- Password storage system
- Ecommerce store
- Given an application where a client wants to look up a service from service discovery provider.