From the course: Learning Threat Modeling for Security Professionals
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Elevation of privilege
From the course: Learning Threat Modeling for Security Professionals
Elevation of privilege
- The E in STRIDE stands for elevation of privilege, reducing the set of restrictions applied to you. So if you're currently restricted to send network packets to the AD server, you might elevate to run code or even Root on that machine. If someone can change something and their response is they shouldn't be able to do that, you may have an elevation of privilege attack. Some elevation of privilege issues relate to things protected only by obscurity like the admin control panel that used to be hidden on our web servers before we realized that was not a good idea and fixed it. Many other elevation of privilege attacks relate to how unprivileged input is parsed or confusion about the difference between code and data. For example, a SQL injection attack elevates privilege by running code that a web server passes to a database where the web server has taken its input data and allowed some of it to be treated as code. Similarly, a cross-site scripting attack gives an attacker the run code…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.