Regardless of which SDLC model is used, the security requirements and constraints must be determined before the product can be built. Security design follows a threat model that is developed based on what is known about the system/application design and architecture. Based on the following scenario, utilize STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to identify possible threats against the system.
Scenario:
You have been asked to design a Web-based User Feedback System. Users will be required to register in the system prior to first-time use. Users can then log in using the self-selected username and password. Users will be able to enter feedback comments and then log off the system.
(Uploaded image)
Deliverables:
For this assignment, you are to:
- Create a report addressing each component of STRIDE based on the given scenario.
0 comments