In this video, discover three types of information disclosure: content, metadata, and privacy.
- The I in STRIDE stands for information disclosure. For example, if someone logs in to the portal to upload ads from a coffee shop, can anyone in that coffee shop see their username and password? Usernames and passwords are supposed to be secret, just like the contents of a new ad campaign. Come on, admit it, isn't that really why you watched the Super Bowl? Contents of logs are also confidential. Who's being shown ads may reveal details of Red30's proprietary StickyEye tracking technology and more of those details are accessible on the media server.
Each of these secrets needs to be kept a secret relative to different audiences. No customer gets to learn about StickyEye. Each customer can only see their own specific metrics and they can't have access to other customers' success rates. On the network, the best confidentiality comes via cryptography. In fact cryptography is the best way to protect every secret, but then you have to manage keys, and that's complicated. TLS mostly handles key management for you.
Within a system, it can be easier to use permissions.
Video: Information disclosure