What is STRIDE? A Practitioner's Definition
TL;DR - STRIDE is a threat modeling framework from Microsoft for finding six categories of security threats. - Use it to review apps, APIs, data flows, and trust boundaries before release or major changes. - It is most useful early in design, but still valuable during architecture reviews and incident follow-up.
Definition
STRIDE is a threat modeling method that helps teams systematically identify six types of threats in a system: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. In practice, it gives security and engineering teams a structured checklist for asking, “What can go wrong here?” and mapping those risks to specific parts of an application or architecture.
How it works
At a high level, STRIDE is used during design or review sessions to analyze a system model, usually a simple data flow diagram (DFD) or architecture sketch. You identify components such as users, services, databases, APIs, queues, and trust boundaries, then walk through each one using the six STRIDE categories.
The categories are:
-
Spoofing: Pretending to be someone or something else
Example: attacker uses stolen session tokens or weak API keys to impersonate a user or service. -
Tampering: Modifying data or code without authorization
Example: changing request parameters, database records, build artifacts, or messages in transit. -
Repudiation: Performing an action and later denying it
Example: a user submits a transaction, but weak logging means there is no reliable audit trail. -
Information Disclosure: Exposing data to unauthorized parties
Example: verbose error messages, public storage buckets, leaked secrets, or unencrypted traffic. -
Denial of Service: Making a system unavailable or degraded
Example: request flooding, resource exhaustion, expensive database queries, or queue saturation. -
Elevation of Privilege: Gaining permissions beyond what was intended
Example: an ordinary user accesses admin functions through broken authorization logic.
A common way to use STRIDE is:
-
Draw the system
Include external entities, processes, data stores, and trust boundaries. -
Walk each component and data flow
Ask which STRIDE categories apply to that element. -
Write concrete threat statements
Instead of “tampering risk exists,” write “an attacker could modify invoice totals in transit between the frontend and billing API if integrity checks are missing.” -
Map threats to controls
Tie each risk to mitigations such as MFA, signed tokens, authorization checks, input validation, encryption, rate limiting, WAF rules, or immutable logging. -
Prioritize
Focus first on threats that impact crown-jewel data, internet-facing services, privileged functions, and weak trust boundaries. -
Track remediation
Threat modeling is only useful if findings become tickets, design changes, test cases, or security requirements.
Technical Notes
A lightweight STRIDE worksheet often looks like this:
| Asset or Component | STRIDE Category | Threat | Mitigation |
|---|---|---|---|
| Login API | Spoofing | Credential stuffing against weak auth | MFA, rate limiting, bot detection |
| Payment service | Tampering | Request fields changed before processing | Request signing, server-side validation |
| Admin portal | Elevation of Privilege | Broken RBAC allows user-to-admin access | Centralized authorization checks |
| Audit logs | Repudiation | Logs can be altered or are incomplete | Immutable logs, time sync, access controls |
You can also turn STRIDE outcomes into test cases:
Threat: Information Disclosure in file upload service
Test: Upload malformed files and inspect responses for stack traces, object paths, or keys
Expected: Generic errors only, no sensitive details returned
For cloud and application teams, a simple review prompt can help:
For each trust boundary, ask:
- Who can send data across it?
- How is identity verified?
- Can data be modified in transit?
- What happens if the sender denies the action?
- Could sensitive data cross the boundary?
- What if the boundary is flooded or abused?
- Can crossing it grant more privilege than intended?
When you’ll encounter it
You will most often encounter STRIDE in secure design reviews, application threat modeling workshops, SDLC security programs, and architecture assessments. It is common in organizations that want developers, architects, and security teams to speak the same language about design risk without immediately jumping into tooling.
Typical scenarios include:
- Designing a new web app or SaaS feature
- Reviewing an API before production launch
- Re-architecting a monolith into microservices
- Assessing identity flows such as SSO, OAuth, or service-to-service auth
- Evaluating cloud migrations and new trust boundaries
- Investigating how an incident could have been prevented at design time
- Creating security requirements for regulated or high-risk systems
For SMBs and smaller engineering teams, STRIDE is especially useful because it does not require a large program or expensive platform to get started. A whiteboard, a diagram, and one focused meeting can surface meaningful risks early. That makes it a practical framework for teams that need something more structured than ad hoc brainstorming, but lighter than formal risk analysis.
STRIDE is also valuable after deployment. If a bug bounty report, pen test, or production incident reveals a design weakness, you can revisit the affected data flow and apply STRIDE to nearby components. This often uncovers related issues, not just the originally reported flaw.
Technical Notes
A simple architecture inventory for a STRIDE session might include:
External entities:
- End users
- Third-party identity provider
- Payment gateway
Processes:
- Web frontend
- API gateway
- Auth service
- Order service
Data stores:
- User database
- Session store
- Audit log bucket
Trust boundaries:
- Internet to edge
- Edge to internal services
- Production account to third-party SaaS
If you already collect application and infrastructure logs, STRIDE can guide what to validate:
Look for:
- Failed logins and impossible travel patterns for Spoofing
- Parameter changes and integrity failures for Tampering
- Missing request IDs or inconsistent audit events for Repudiation
- Secrets, tokens, or PII in logs for Information Disclosure
- 429/5xx spikes and queue backlogs for Denial of Service
- Role changes, sudo events, or denied admin access attempts for Elevation of Privilege
Related terms
A few terms regularly appear alongside STRIDE:
- Threat modeling: The broader practice of identifying threats, attack paths, and mitigations during design or review.
- Data Flow Diagram (DFD): A visual model of processes, data stores, entities, and trust boundaries. Often the starting point for STRIDE.
- Trust boundary: A point where the level of trust changes, such as internet-to-app, user-to-admin function, or one cloud account to another.
- Attack surface: The set of reachable entry points an attacker can interact with.
- Abuse case: A negative scenario describing how a feature could be misused.
- DREAD: An older risk rating model sometimes mentioned with STRIDE, though less commonly used today.
- PASTA: A more process-heavy threat modeling methodology that adds business impact and attacker-centric analysis.
- LINDDUN: A privacy-focused framework, often used when privacy threats matter as much as classic security threats.
- Mitigation: A control that reduces likelihood or impact, such as MFA, encryption, segmentation, or logging.
In practice, STRIDE is best thought of as a structured lens, not a complete security program. It helps teams consistently identify likely threat classes, but it does not replace secure coding, testing, vulnerability management, or incident response. Its real value is that it turns vague security concerns into named, reviewable threats tied to architecture decisions.
If you need a concise practitioner definition: STRIDE is a six-category threat modeling framework used to analyze systems, find design-level security weaknesses, and assign practical mitigations before attackers find them first.
For further reading, check out our articles on how to build a vulnerability patching playbook and what is secrets management.
This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.