Tampering (T) is the second suit of threats in the STRIDE threat enumeration.
Tampering describes any threat that allows an attacker (or accidentally causes a user) to alter or destroy data which the application has not allowed them to. Accordingly, the characters on the cards are green gremlins whose open mouths and sharp teeth could
indicate either shouting or a desire to eat.
Tampering threats are generally countered through quality implementations of Integrity protection and Authorisation.
Another successful way to mitigate tampering is to not care about the integrity of data - this only works if you are able to handle abusive and incorrect data without causing a loss of function (this Wiki is an example of what happens in this model!). Ignoring
integrity and hoping that attackers will not alter or destroy data is not a valid mitigation strategy.
The cards in the Tampering suit are as follows (NOTE: Someone must have tampered with the 2, because it isn't here)
[When completed, each card description above will link to a copy of the card, along with examples of the threat and some specific mitigation steps. Point to Patterns & Practices documents, excerpts from Writing Secure Code, etc, where possible. Emphasise
that the information is already out there, so that dev teams widen their horizons.]