From the course: Learning Threat Modeling for Security Professionals
          
Information disclosure
- The I in STRIDE stands for information disclosure. For example, if someone logs in to the portal to upload ads from a coffee shop, can anyone in that coffee shop see their username and password? Usernames and passwords are supposed to be secret, just like the contents of a new ad campaign. Come on, admit it, isn't that really why you watched the Super Bowl? Contents of logs are also confidential. Who's being shown ads may reveal details of Red30's proprietary StickyEye tracking technology, and more of those details are accessible on the media server. Each of these secrets needs to be kept a secret relative to different audiences. No customer gets to learn about StickyEye. Each customer can only see their own specific metrics and they can't have access to other customers' success rates. On the network, the best confidentiality comes via cryptography. In fact, cryptography is the best way to protect every secret,…
Contents
- Spoofing a specific server (4m 30s)
- Tampering with a file (3m 15s)
- Interlude: Scope and timing (2m 15s)
- Repudiating an order (4m 10s)
- Information disclosure (2m 45s)
- Denial of service (3m 35s)
- Elevation of privilege (2m 34s)
- Expansion of authority (3m 2s)