STRIDE Threat Model Worksheet
Add application components, rate each STRIDE threat category, document mitigations, and export a structured threat model. All data stays in your browser.
STRIDE Reference
| Threat | Description | Security Property Violated | Example |
|---|---|---|---|
| S Spoofing | Impersonating something or someone else | Authentication | Replay an auth token, forged email sender |
| T Tampering | Modifying data or code | Integrity | SQL injection, MITM data modification |
| R Repudiation | Claiming not to have performed an action | Non-repudiation | Deleting audit logs, bypassing logging |
| I Info Disclosure | Exposing information to unauthorized users | Confidentiality | Directory traversal, verbose error messages |
| D Denial of Service | Denying or degrading service to valid users | Availability | Resource exhaustion, amplification attacks |
| E Elevation of Privilege | Gaining capabilities beyond what is authorized | Authorization | IDOR, privilege escalation exploits |