Designing secure code
• The STRIDE Threat Model – categories cont.:
• Information disclosure – exposure of information to individuals who are not supposed to have access to it
Example:
A user’s ability to read a file that she was not granted access to and an intruder’s ability to read data in transit between two computers.
• Denial of service
• Elevation of privilege
Example: Obtaining root account