Web application security - the fast guide 1.1 | Page 64
Chapter 3 - Vulnerabilities and threat models
Exposing an administration function through the customer-facing Web application.
Exposing exception details to the client.
4. Map each category of the CIA scheme to its equivalent(s) in the STRIDE scheme.
CIA:
1- Confidentiality
2- Integrity
3- Availability
STRIDE:
a- Spoofing
b- Tampering
c- Repudiation
d- Information disclosure
e- Denial of service
f- Elevation of privilege
5. Calculate the DREAD-based quantitative value of risk, given that user data were compromised, the threat is easy to reproduce, the exploit can be carried out with a browser only, and all users will be affected. The threat is directly visible and can be easily discovered.
a. Risk=45
b. Risk=62
c. Risk=20
d. Risk=35
Answer key
1. b
2. d
3. Essay
4. 1-d, 2-a,b, 3-e
5. a