STRIDE is a threat classification model created by Microsoft that breaks down threats into six categories:
Spoofing
Tampering
Repudiation
Information disclosure
Denial of Service
Elevation of privilege
It is specifically designed for threat modeling.
PTES is a general pentesting methodology.
OSSTMM is a framework for operational security testing.
OCTAVE is a risk assessment methodology, not focused on threat classification.
[Reference: PT0-003 Objective 3.1 – Understand and apply threat modeling methodologies like STRIDE., , , , ]
Submit