THREAT-MODEL-EDI
Systematic threat modelling — STRIDE first-line for EDI.
Definition
STRIDE (Microsoft, 1999): Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege. Applied to EDI: DUNS spoofing, in-transit PO tampering, MDN repudiation, INVOIC price disclosure, DoS on AS2 endpoint, elevation via misconfigured API.
Origin
STRIDE created by Microsoft in 1999. Approach developed in Threat Modeling: Designing for Security (Adam Shostack, 2014).
Example in context
A STRIDE threat model for an AS2 endpoint identifies 12 threats: 3 Spoofing, 2 Tampering, 1 Repudiation, etc.
Related terms
- OWASP Top 10 — common web/API threats.