Regardless of which SDLC model is used, the security requirements and constraints must be determined before the product can be built. Security design follows a threat model that is developed based on what is known about the system/application design and architecture. Based on the following scenario, utilize STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to identify possible threats against the system.
Scenario:
You have been asked to design a Web-based User Feedback System. Users will be required to register in the system prior to first-time use. Users can then log in using their self-selected username and password. Users will be able to enter feedback comments and then log off the system.
Deliverables:
For this assignment, you are to:
Create a report addressing each component of STRIDE based on the given scenario.
Your report should be 4–5 pages, not including the cover and reference pages, and formatted to University academic writing standards and APA style guidelines, citing references as appropriate.