5 Best Threat Modeling Methodologies

Developed by Microsoft, the STRIDE methodology utilizes an acronym representing six threat categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

STRIDE aids in the identification of threats by considering potential vulnerabilities from various angles.

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a risk-based methodology that focuses on identifying and prioritizing information security risks within an organization.

It follows a structured approach and involves collaborative workshops to assess threats and vulnerabilities and develop risk mitigation strategies.

OCTAVE focuses on identifying and managing business-level and operational-level threats, not just software-level and system-level threats.

The Process for Attack Simulation and Threat Analysis (PASTA) methodology is risk-centric, focusing on understanding and managing risks by analyzing the business impact of potential threats.

PASTA follows a structured seven-step process, which includes defining objectives, outlining application features, identifying threats, assessing vulnerabilities, specifying security requirements, constructing an attack matrix, and prioritizing threats.

TRIKE is a proactive threat modeling methodology that helps organizations identify and assess security threats.

By understanding attacker motivations and leveraging threat intelligence, TRIKE enables effective risk mitigation through robust countermeasures.

It promotes informed decision-making and enhances the security of systems and applications.

Attack Trees
Attack trees are a methodology that represents potential attacks graphically in a tree-like structure.

Each node in the tree represents a possible step in an attack, with branches indicating different attack paths.

By breaking down threats into smaller steps, attack trees help in understanding and visualizing the attack vectors and their dependencies.
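The tree structure described above can be modeled directly in code; the following is an added example, not part of the original article, and it goes beyond the text by using the common AND/OR node convention and by checking which paths stay open after a step is mitigated. The tree, its step names, and the function names are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    name: str
    kind: str = "LEAF"   # "LEAF", "OR" (any child suffices) or "AND" (all children needed)
    children: list = field(default_factory=list)

def attack_paths(node):
    """Return each attack path as a frozenset of leaf steps that together reach `node`."""
    if node.kind == "LEAF":
        return [frozenset([node.name])]
    child_paths = [attack_paths(child) for child in node.children]
    if node.kind == "OR":
        # Any single child is enough, so the paths are simply pooled.
        return [path for paths in child_paths for path in paths]
    # AND: pick one path from every child and merge their steps.
    return [frozenset().union(*combo) for combo in product(*child_paths)]

def open_paths(root, mitigated):
    """Paths that remain feasible once the leaf steps in `mitigated` are blocked."""
    blocked = set(mitigated)
    return [path for path in attack_paths(root) if not (path & blocked)]

def single_points(root):
    """Leaf steps present in every path; blocking any one of them cuts the whole tree."""
    paths = attack_paths(root)
    return frozenset.intersection(*paths) if paths else frozenset()

# Constructed sample tree: the root is the attacker's goal, the leaves are atomic steps.
TREE = Node("read protected records", "OR", [
    Node("log in as a user", "AND", [
        Node("obtain valid credentials"),
        Node("pass second factor"),
    ]),
    Node("query the database directly", "AND", [
        Node("reach database port"),
        Node("obtain valid credentials"),
    ]),
])

if __name__ == "__main__":
    for path in attack_paths(TREE):
        print("path:", sorted(path))
    print("cuts every path:", sorted(single_points(TREE)))
    print("open after closing the port:", open_paths(TREE, {"reach database port"}))
```

Listing the paths this way shows where one control removes several branches at once, which is the dependency information the tree is meant to expose.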


