STRIDE is a mnemonic for things that go wrong in security. It stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege:
- Spoofing: pretending to be something or someone you’re not.
- Tampering: modifying something you’re not supposed to modify. This can include packets on the wire (or wireless), bits on disk, or bits in memory.
- Repudiation: claiming you didn’t do something (regardless of whether you did or not).
- Information Disclosure: exposing information to people who are not authorized to see it.
- Denial of Service.
- Elevation of Privilege: when a program or user is technically able to do things that they’re not supposed to do.