VerSprite CEO Tony UcedaVelez presents on offensive threat models against the supply chain. Threat models are often used by security champions to discover flaws in application environments. Many threat models are built through a defensive lens, foregoing realistic attack patterns that reflect adversarial goals vs. simply using a limited, non-mutable threat category. This presentation focuses on applying a more adversarial threat model to supply chain systems that are integrated into client environments.
Watch the webinar to learn:
VerSprites approach to threat modeling provides a risk-based approach that is backed by evidence. VerSprite’s security experts correlate real threats to your attack surface of application components and identify risk by first understanding the context of what the software or application is intended to do for the business or its clients. We also conduct exploitation tests that support threat motives within the model to validate whether they are probabilistic. Correlating viability with sustained impact allows this methodology to resonate as a highly effective risk-focused threat modeling approach. Learn how we can tailor our threat modeling approach to fit your overall organization’s security needs. Learn more →
VerSprite leverages our PASTA (Process for Attack Simulation and Threat Analysis) methodology to apply a risk-based approach to threat modeling. This methodology integrates business impact, inherent application risk, trust boundaries among application components, correlated threats, and attack patterns that exploit identified weaknesses from the threat modeling exercises.