Using Risk-Based Threat Modeling to Protect Your Supply Chain | OWASP


Using Risk-Based Threat Modeling to Protect Your Supply Chain

VerSprite ● December 17, 2020


Risk-Based Offensive Threat Models Against the Supply Chain

VerSprite CEO Tony UcedaVelez presents on offensive threat models against the supply chain. Threat models are often used by security champions to discover flaws in application environments. Many threat models are built through a defensive lens, forgoing realistic attack patterns that reflect adversarial goals and relying instead on a limited, non-mutable threat category. This presentation focuses on applying a more adversarial threat model to supply chain systems that are integrated into client environments.

Watch the webinar to learn:

  • What risk-based threat modeling is and why it differs from the standard threat model framework
  • Why supply chain software is highly attractive to cyber criminals
  • Supply chain threat actors and patterns
  • How to build your defensive measures around attack patterns that are more realistic, based upon criminal cyber trends


AppSecCali 2019 | Offensive Threat Models Against the Supply Chain


Risk-Based Threat Modeling

VerSprite's approach to threat modeling is risk-based and backed by evidence. VerSprite's security experts correlate real threats to your attack surface of application components and identify risk by first understanding the context of what the software or application is intended to do for the business or its clients. We also conduct exploitation tests that support threat motives within the model to validate whether they are probabilistic. Correlating viability with sustained impact allows this methodology to resonate as a highly effective risk-focused threat modeling approach. Learn how we can tailor our threat modeling approach to fit your organization's overall security needs.

PASTA Threat Modeling

PASTA Threat Modeling: The Process for Attack Simulation and Threat Analysis

VerSprite leverages our PASTA (Process for Attack Simulation and Threat Analysis) methodology to apply a risk-based approach to threat modeling. This methodology integrates business impact, inherent application risk, trust boundaries among application components, correlated threats, and attack patterns that exploit identified weaknesses from the threat modeling exercises.
