Exercise 4
No |
Target |
Threat |
STRIDE |
Techniques
& technologies |
1 |
HTTP
connection between Web browser and Web Server |
A
malicious user views or tampers with personal payroll data en route from the
Web server to the client or from the client to the Web server |
T, I |
Kerberos
authentication requires the users to authenticate themselves before the
communications channel is established. Use
SSL/TLS to protect the data from prying eyes as it travels between the client
and the Web server. |
No |
Subject |
Resource |
Access
Rights |
1 |
Interactive
Users |
JSP Pages |
Deny All
Access |