STRIDE (security)
- Spoofing of user identity
- Tampering
- Repudiation
- Information disclosure (privacy breach or data leak)
- Denial of Service (D.o.S.)
- Elevation of privilege
These are all security threats. The attacks to prevent are listed above. Let us go through them in detail.
Spoofing.
This is like someone calling you on your cell phone, but the caller ID is wrong.
You get an email and the From address is wrong.
You are a website and the client IP is wrong, or the user ID is wrong.
It happens because it was actually a tampered call from a middleman or a software tool.
Tampering: Hardware-based security solutions can prevent read and write access to data and hence offer very strong protection against tampering and unauthorized access.
Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".
This is like my name being wrong in (say, hospital) records, and there is no way that I can ask for a change.
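An added example (not part of the original page) of how a website can reject the spoofed user ID and the middleman tampering described above by checking an HMAC tag, and why a shared-key tag alone does not give non-repudiation. The user names, keys and helper functions are constructed for illustration.

```python
import hashlib
import hmac

# Constructed per-user keys shared between each client and the website (demo values only).
USER_KEYS = {"alice": b"constructed-key-alice", "mallory": b"constructed-key-mallory"}

def _mac(key: bytes, user_id: str, body: str) -> str:
    # Length-prefix the user id so ("ab", "c") and ("a", "bc") cannot collide.
    msg = f"{len(user_id)}:{user_id}:{body}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_request(key: bytes, user_id: str, body: str) -> dict:
    """Client side: bind the claimed user id and the body under one tag."""
    return {"user_id": user_id, "body": body, "tag": _mac(key, user_id, body)}

def verify_request(request: dict) -> bool:
    """Website side: accept only if the tag matches the key of the claimed user."""
    user_id = str(request.get("user_id", ""))
    key = USER_KEYS.get(user_id)
    if key is None:
        return False  # unknown identity: reject rather than guess
    expected = _mac(key, user_id, str(request.get("body", "")))
    supplied = str(request.get("tag", ""))
    # Constant-time comparison avoids leaking how many tag characters matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())

def demo() -> dict:
    genuine = sign_request(USER_KEYS["alice"], "alice", "transfer 10 to bob")
    # Spoofing: mallory signs with her own key but claims to be alice.
    spoofed = sign_request(USER_KEYS["mallory"], "alice", "transfer 10 to mallory")
    # Tampering: a middleman changes the body but cannot recompute the tag.
    tampered = dict(genuine, body="transfer 9999 to mallory")
    # Repudiation gap: the website holds alice's key too, so it can mint a valid
    # tag itself. A shared-key MAC therefore cannot prove alice sent the request.
    site_made = sign_request(USER_KEYS["alice"], "alice", "I agree to the contract")
    return {
        "genuine": verify_request(genuine),
        "spoofed": verify_request(spoofed),
        "tampered": verify_request(tampered),
        "site_made": verify_request(site_made),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:10s} accepted={accepted}")
```

Proving who made a statement to a third party needs a digital signature, where only the signer holds the private key; the tag here also does nothing against replay of a genuine request.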
Information privacy, or data privacy, is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.
A denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. Example: an attacker pings the website with such a high volume of requests that the web server's processors are saturated to their capacity and won't be able to serve the genuine users.
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.