Threat Modeling Benefits for the CISO and Key Stakeholders

To give a sense of perspective, we classify where each of these flaws fits into the STRIDE framework. STRIDE is a mnemonic for identifying security threats: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. For each flaw we detail its technical impact and, where possible, point out the business implications as well. Where possible, we also try to offer an estimate of how hard it is to protect against a particular flaw, the circumstances under which the flaw tends to occur, and some examples of the flaw.

While the goal of this eBook is not to make you feel overwhelmed, it is intended to point out that it's easy to get a false sense of security when it comes to security. Use this eBook as a starting point for where to look for architectural flaws, especially when the architecture changes. At the end of the day, threat modeling is a mental exercise in thinking through what your adversary is going to do. Hopefully this eBook helps you in that regard.
