❤️ Support Project
EN
EN English UK Українська PL Polski ES Español DE Deutsch FR Français PT Português TR Türkçe JA 日本語 KO 한국어 RU Русский

STRIDE

STRIDE is a six-category threat modeling framework used to identify and mitigate threats by category.

🌐 Terms in other languages:
English Deutsch Español Français 日本語 한국어 Polski Português Русский Türkçe Українська

STRIDE provides a structured taxonomy for thinking about threats to software systems. Each category highlights real-world threat patterns and typical mitigations. STRIDE is commonly applied to Data Flow Diagrams or architectural models to reveal how assets such as authentication tokens, data stores, or cryptographic keys can be misused or exposed. Practical use involves mapping STRIDE categories to controls like strong authentication (Spoofing), data integrity checks (Tampering), non-repudiation and audit logging (Repudiation), encryption and access controls (Information Disclosure), resource provisioning and rate limiting (Denial of Service), and least-privilege/principal isolation (Elevation of Privilege). Limitations include context sensitivity and the fact that STRIDE does not inherently rank threats by risk without additional context.

        graph LR
  Center["STRIDE"]:::main
  Rel_antimatter_propulsion["antimatter-propulsion"]:::related -.-> Center
  click Rel_antimatter_propulsion "/terms/antimatter-propulsion"
  Rel_arpanet["arpanet"]:::related -.-> Center
  click Rel_arpanet "/terms/arpanet"
  Rel_artificial_consciousness["artificial-consciousness"]:::related -.-> Center
  click Rel_artificial_consciousness "/terms/artificial-consciousness"
  classDef main fill:#7c3aed,stroke:#8b5cf6,stroke-width:2px,color:white,font-weight:bold,rx:5,ry:5;
  classDef pre fill:#0f172a,stroke:#3b82f6,color:#94a3b8,rx:5,ry:5;
  classDef child fill:#0f172a,stroke:#10b981,color:#94a3b8,rx:5,ry:5;
  classDef related fill:#0f172a,stroke:#8b5cf6,stroke-dasharray: 5 5,color:#94a3b8,rx:5,ry:5;
  linkStyle default stroke:#4b5563,stroke-width:2px;
🕸️ Open in Universe

🧒 Explain Like I'm 5

Generated ELI5 content

🤓 Expert Deep Dive

Generated expert content

❓ Frequently Asked Questions

What does STRIDE stand for?

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.

How is STRIDE used in threat modeling?

It is applied to architectural diagrams and data flows to identify and mitigate threats by category.

Why is Elevation of Privilege included?

STRIDE is a threat modeling framework introduced by Microsoft to identify, categorize, and mitigate security threats against a system. It stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

How many STRIDE categories are there?

Six categories in the canonical STRIDE model.

📚 Sources

1. Stride
2. Elizabeth Stride
3. STRIDE model