STRIDE IT
R: 0/3 Total: 0/18

R — Repudiation

Repudiation is when actions can't be reliably traced—so someone can deny what they did. Accountability is the target.

Action performed Audit trail “It wasn't me! Show me proof!”

What it means

Repudiation is when a user can deny actions because the system can't prove who did what, and when.

Why it matters

If you can't trace actions, investigations and incident response become guesswork. Trust and accountability collapse.

How to mitigate

Use reliable audit logs: who, what, when, where. Protect logs from tampering, and include request IDs and server-side timestamps.

System Activity Log

Not solved

Every action on this page is logged below.

Mission: perform an action — then remove the evidence.

Task 2 — Missing Audit Log

An administrator deletes a customer account. Later, they deny ever doing it. There is no audit log entry for the deletion.

Not solved

What failed in this system?

Task 3 — Log Manipulation

A user performs a transfer. Later, they edit the log file and remove the entry. The system has no way to detect that logs were changed.

Not solved

What control is missing?