Lab 49
Secure Architecture

STRIDE Threat Model

Walk the healthcare appointment system through the six STRIDE threats: Spoofing, Tampering, Repudiation, Information disclosure, DoS, Elevation of privilege. Click each letter to see how it attacks the system and the mitigation that stops it.
User → Gateway → Service → DB · Admin · Audit
I: Information disclosure
Seeing data that should be private
Threat
A patient edits the URL id and reads another patient's report (IDOR).
Mitigation
Authorization / ownership checks, encryption at rest & in transit, least privilege.
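
The ownership check named in the mitigation, shown beside the vulnerable lookup, as an added example that is not part of the lab's own code. The names `Session`, `REPORTS`, `AUDIT_LOG` and the sample reports are constructed for illustration; the session is assumed to be established by the gateway after authentication.

```python
from dataclasses import dataclass

# Constructed sample data: report id -> owning patient and report body.
REPORTS = {
    101: {"patient_id": "alice", "body": "Alice: blood panel normal"},
    102: {"patient_id": "bob", "body": "Bob: MRI follow-up needed"},
}
AUDIT_LOG = []  # stands in for the Audit component (assumption)


@dataclass(frozen=True)
class Session:
    """Identity the gateway attached to the request (assumed authenticated)."""
    patient_id: str


class NotFound(Exception):
    """Maps to HTTP 404; raised for missing AND not-owned reports."""


def get_report_insecure(session: Session, report_id: int) -> str:
    # IDOR: the id taken from the URL is trusted as-is. The caller's identity
    # is never compared with the report's owner.
    return REPORTS[report_id]["body"]


def get_report(session: Session, report_id: int) -> str:
    report = REPORTS.get(report_id)
    # Ownership check: the report must belong to the authenticated patient.
    if report is None or report["patient_id"] != session.patient_id:
        # Record the denial, then answer identically for "missing" and
        # "not yours" so report ids cannot be probed for existence.
        AUDIT_LOG.append(("denied", session.patient_id, report_id))
        raise NotFound(report_id)
    AUDIT_LOG.append(("read", session.patient_id, report_id))
    return report["body"]
```

Repeated `denied` entries for one session across many report ids are a useful detection signal for this threat.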