STRIDE threat modeling and vulnerability triage walkthrough
| Category | Threat | Likelihood | Impact | Risk Score | Status | Action |
|---|---|---|---|---|---|---|
| Spoofing | Attacker impersonates user | Medium | High | 7/10 | ⚠️ Needs MFA | |
| Tampering | Cart price manipulation | High | High | 9/10 | 🔴 Critical | |
| Repudiation | User denies order | Low | Medium | 4/10 | ✅ Logging adequate | |
| Info Disclosure | Payment data leak | Medium | Critical | 9/10 | 🔴 Critical | |
| DoS | API rate limit abuse | High | Medium | 6/10 | ⚠️ Needs rate limiting | |
| Elevation | Admin access bypass | Low | Critical | 7/10 | ⚠️ Needs RBAC audit |
Input: Raw scanner output (10 findings)
Merged 3 duplicate SQL injection reports → 1 unique finding