stride
Safeguard articles tagged "stride" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Threat-modeling for AI-native applications
STRIDE has six categories from 1999. OWASP's LLM Top 10 and MITRE ATLAS's ~84 techniques show why agentic AI needs new threat-modeling columns, not a new framework.
The STRIDE Methodology Explained
STRIDE is a threat-modeling mnemonic that turns a blank whiteboard into six specific questions: is this element vulnerable to Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, or Elevation of privilege? Here's how to apply it.
The Threat Modeling Process, Step by Step
Threat modeling answers four questions: what are we building, what can go wrong, what are we doing about it, and did we do enough? A concrete step-by-step process your team can run in an afternoon.
Threat Modelling: STRIDE, PASTA, and a Process That Ships
Threat modelling fails when it becomes a 40-page document nobody reads. Here is what STRIDE and PASTA actually offer, and a lightweight process that survives contact with sprint deadlines.
A Threat Model Example, Walked Through Step by Step
The fastest way to understand threat modeling is to watch one built end to end — this walks through a real threat model example for a simple login and payment flow.
A Beginner's Guide to Threat Modeling Your Build Pipeline
Your CI system is a production system with worse access controls. A first threat model of the pipeline takes one whiteboard session and usually finds something ugly.
Threat Modeling the Software Supply Chain
Traditional threat modeling focuses on your code. Supply chain threat modeling extends to every tool, dependency, and process that touches your software. Here is how to do it systematically.