TID | Threats | Explanation | STRIDE | | | | | | Alleviated | VR |
| | | S | T | R | I | D | E | | |
T1 | User supplies hostile Structured Query Language (SQL) input | A hacker may exploit the application by including SQL in the input | | Yes | | | | Yes | No | VR12 |
T2 | Exposure of sign-in information | The sign-in details of a permitted user are obtained by hackers | | | | Yes | | Yes | No | VR2, VR3, VR4 |
T3 | Session ID hack | The session details of a permitted user are obtained by hackers | | | | | | Yes | No | VR11 |
T4 | Exposure of user information | User data will be exposed in order to raise a privacy issue | Yes | | | Yes | | | No | VR5, VR6 |
T5 | Entering the DB | The DB of the hospital ERP system will be attacked by a hacker | | Yes | Yes | Yes | | Yes | Yes | VR1-VR6 |
T6 | Hacking the admin sign-in page | A hacker hacks the admin page of the ERP system and then enters the system pretending to be the admin | | | | | | Yes | Yes | VR4 |
T7 | Notification message is blocked | The permitted user will never receive any notification that he has been hacked or that any of his information has been stolen. | | | | | Yes | | Yes | VR15 |
T8 | Falsification of user information | The information of a permitted user will be modified by a hacker | Yes | Yes | | | | Yes | No | VR5, VR6 |
T9 | Removing the user's account | The account of a permitted user will be deleted by a hacker | | | | | Yes | Yes | Yes | VR2, VR3 |
T10 | ERP system crash | The ERP web application will be crashed by a hacker | | | | | Yes | | Yes | VR8 |
T11 | Unpermitted access | A hacker hacks the sign-in information of the ERP system | | | | | | Yes | Yes | VR5, VR6 |
T12 | Entering without sign-in | The information of a permitted person will be hacked without signing in | | | Yes | | | | No | VR16 |