Interview Questions for Business Analysts and Systems Analysts


INTERVIEW QUESTION:

What is the STRIDE technique for security analysis?

Posted by Adrian M.

Categories: Analytical and Problem Solving Skills, General, Enterprise Analysis (BABOK KA)

ANSWER

STRIDE is a threat modeling framework developed by Microsoft to help identify and categorize potential security threats in software systems. It is commonly used during system design and architecture review to proactively uncover vulnerabilities before implementation or deployment.

1. Meaning of STRIDE

Each letter in STRIDE represents a type of security threat:

| Letter | Threat Category | Description | Example |
|---|---|---|---|
| S | Spoofing | Impersonating another user, system, or process. | Logging in using someone else’s credentials. |
| T | Tampering | Modifying data or code, either in transit or at rest. | Altering a database record or configuration file. |
| R | Repudiation | Performing actions that cannot be traced or proven. | A user denies performing an operation because there is no audit log. |
| I | Information Disclosure | Exposing information to unauthorized entities. | Leaking personal data through logs or unsecured APIs. |
| D | Denial of Service (DoS) | Making a system or service unavailable to legitimate users. | Flooding a server with requests to crash it. |
| E | Elevation of Privilege | Gaining higher access rights than intended. | A normal user executes administrative commands. |

2. Purpose and Benefits

STRIDE provides a structured approach for:

  • Identifying security risks early in the design phase.
  • Improving system resilience and compliance with security standards.
  • Facilitating communication among developers, analysts, and security teams.

It aligns with data flow diagrams (DFDs) — each DFD element (process, data store, data flow, external entity) can be analyzed against STRIDE categories to find relevant threats.

3. How STRIDE Works (Process)

  1. Model the system: Create a Data Flow Diagram (DFD) or architecture diagram showing processes, data stores, data flows, and external entities.
  2. Identify trust boundaries: Mark where different security privileges meet—these are high-risk areas.
  3. Apply STRIDE categories: For each element in the DFD, ask STRIDE-based questions (e.g., “Can this data flow be tampered with?”).
  4. Document threats: Log identified threats, their likelihood, and potential impact.
  5. Mitigate and validate: Recommend and apply mitigations (authentication, encryption, logging, etc.), then validate the design.

4. Example

In a web application handling customer logins:

  • Spoofing: An attacker fakes a login token.
  • Tampering: JavaScript files are modified on the server.
  • Repudiation: No audit log of failed logins.
  • Information Disclosure: Passwords sent without encryption.
  • Denial of Service: Automated requests overwhelm the login endpoint.
  • Elevation of Privilege: A user manipulates a session to access admin features.
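As an added worked example (not part of Adrian M.'s answer or this site's material), the following Python script carries steps 1 to 4 of the process above through in code for the login scenario: it builds a small data-flow model, marks the trust boundary between zones, applies the STRIDE-per-element mapping used in Microsoft's SDL threat modeling (external entities: S, R; processes: all six; data flows: T, I, D; data stores: T, R, I, D) to each element, and records each candidate threat with the question to ask and the mitigation class to consider. The element names, trust-zone labels, question templates and mitigation wording are constructed for illustration and are not taken from the answer.

```python
"""STRIDE-per-element threat enumeration over a small data-flow model.

Added example; the model below is a constructed sketch of the customer
login scenario, not a description of any real system.
"""
from dataclasses import dataclass
from typing import Dict, List

# STRIDE-per-element: which categories apply to each DFD element type
# (the mapping published in Microsoft's SDL threat-modeling guidance).
STRIDE_PER_ELEMENT: Dict[str, str] = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TRID",
}

CATEGORY: Dict[str, str] = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# Step 3: the STRIDE-based question to ask of each element (constructed templates).
QUESTION: Dict[str, str] = {
    "S": "Can someone pretend to be '{name}', or pretend to '{name}'?",
    "T": "Can data handled by '{name}' be modified without detection?",
    "R": "Can an action involving '{name}' be denied later for lack of evidence?",
    "I": "Can '{name}' reveal data to a party not entitled to it?",
    "D": "Can '{name}' be made unavailable to legitimate users?",
    "E": "Can '{name}' be used to gain rights beyond those intended?",
}

# Step 5 hint: the usual mitigation class per category (constructed wording).
MITIGATION: Dict[str, str] = {
    "S": "authentication (e.g. strong credentials, signed tokens)",
    "T": "integrity protection (signatures/MACs, access control, TLS)",
    "R": "audit logging with protected, timestamped records",
    "I": "encryption in transit and at rest, data minimisation",
    "D": "rate limiting, quotas, redundancy",
    "E": "server-side authorization checks, least privilege",
}


@dataclass
class Element:
    name: str
    kind: str               # key of STRIDE_PER_ELEMENT
    trust_zone: str = ""    # e.g. "internet", "dmz"; unused for data flows
    src: str = ""           # data_flow only: source element name
    dst: str = ""           # data_flow only: destination element name


@dataclass
class Threat:
    element: str
    category: str
    question: str
    mitigation: str
    crosses_boundary: bool  # data flow between different trust zones


def build_login_model() -> List[Element]:
    """Step 1: a constructed DFD of the login scenario (two trust zones)."""
    return [
        Element("Customer", "external_entity", trust_zone="internet"),
        Element("Login service", "process", trust_zone="dmz"),
        Element("Session store", "data_store", trust_zone="dmz"),
        Element("Credentials", "data_flow", src="Customer", dst="Login service"),
        Element("Session record", "data_flow", src="Login service", dst="Session store"),
    ]


def enumerate_threats(model: List[Element]) -> List[Threat]:
    """Steps 2-4: flag boundary-crossing flows, apply STRIDE per element, record threats."""
    zones = {e.name: e.trust_zone for e in model if e.kind != "data_flow"}
    threats: List[Threat] = []
    for e in model:
        crosses = e.kind == "data_flow" and zones[e.src] != zones[e.dst]
        for letter in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(
                element=e.name,
                category=CATEGORY[letter],
                question=QUESTION[letter].format(name=e.name),
                mitigation=MITIGATION[letter],
                crosses_boundary=crosses,
            ))
    return threats


def prioritized(threats: List[Threat]) -> List[Threat]:
    """Boundary-crossing flows are the high-risk areas, so review them first."""
    return sorted(threats, key=lambda t: not t.crosses_boundary)


def summarize(threats: List[Threat]) -> Dict[str, int]:
    """Count of candidate threats per STRIDE category."""
    counts: Dict[str, int] = {}
    for t in threats:
        counts[t.category] = counts.get(t.category, 0) + 1
    return counts


if __name__ == "__main__":
    found = prioritized(enumerate_threats(build_login_model()))
    for t in found:
        flag = "BOUNDARY " if t.crosses_boundary else "         "
        print(f"{flag}{t.category:<23} {t.element:<15} {t.question}")
        print(f"{'':33}mitigate with: {t.mitigation}")
    print(summarize(found))
```

Running the script lists 18 candidate threats; the three for the Credentials flow (Tampering, Information Disclosure, Denial of Service) come first because that flow crosses the internet-to-DMZ boundary, which is exactly the "passwords sent without encryption" and "automated requests overwhelm the login endpoint" items in the example above. The list is a starting point for the analyst's judgement on likelihood and impact, not a finished threat register.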

Copyright 2006-2025 by Modern Analyst Media LLC