HomeServicesOffensive Security OffSecApplication Threat Modeling Service

Application Threat Modeling

Helping Clients Learn & Build Risk-Based Threat Models

Build a Tailored Engagement or Service Model Today

PASTA as a threat model framework is adopted and used by worldwide organizations.

Allow us to tailor a PASTA application threat model for your application so you can effectively apply the risk-centric methodology within the regiment of their software security assurance process.

Apply a Risk-Based Approach to Threat Modeling

Modeling your application for threats helps to preemptively address security within your software development lifecycle. There’s more to threat modeling than mapping a handful of threat categories to your application and building a data flow diagram. Learn how we can tailor the PASTA approach to fit your development timelines and maximize the output of each application threat model →

PASTA Threat Modeling (Process for Attack Simulation and Threat Analysis)
VerSprite’s Risk-Based Threat Model Methodology

VerSprite leverages our PASTA (Process for Attack Simulation and Threat Analysis) methodology to apply a risk-based approach to threat modeling. This methodology integrates business impact, inherent application risk, trust boundaries amongst application components, correlated threats, and attack patterns that exploit identified weaknesses from the threat modeling exercises. Prior to the PASTA threat model, most application threat models were not even considering actual threats.

As the name implies, a key goal for threat modeling is to do just that – model threats. Threat categorization mnemonics (like STRIDE) are helpful for beginners, but product managers and their superiors are eager to know which threats are topical to their business, product, and platform. Furthermore, limiting threats to a handful of categories may not include the actual threats adversarial groups are planning.

PASTA provides a risk centric threat modeling approach that is evidence-based. VerSprite’s security experts correlate real threats to your attack surface of application components and identify risk by first understanding the context of what the software or application is intended to do for the business or its clients. We also conduct exploitation tests that support threat motives within the model to validate whether they are probabilistic. Correlating viability with sustained impact allows this methodology to resonate as a highly effective risk-focused threat modeling approach.

Industries We Serve

VerSprite delivers Application Threat Modeling across industries where security failures translate directly to financial loss, safety risk, or regulatory exposure.

Financial Services & FinTech

Decompose banking and payment applications to identify threat actors, attack surfaces, and trust boundaries
Model fraud, account takeover, and transaction manipulation scenarios using the PASTA methodology
Analyze APIs, third-party integrations, and cloud dependencies for systemic risk exposure
Prioritize mitigation strategies aligned to regulatory requirements and financial risk tolerance

Healthcare & Life Sciences

Model threats to applications processing ePHI, clinical workflows, and research data
Identify abuse cases impacting patient safety, data integrity, and operational continuity
Analyze trust boundaries across EHR systems, connected devices, and external partners
Deliver risk-prioritized remediation strategies aligned to HIPAA and healthcare security frameworks

SaaS & Technology Providers

Deconstruct application architectures to map attack surfaces across cloud-native and microservices environments
Model threats targeting authentication flows, APIs, and tenant isolation controls
Identify systemic risks introduced through CI/CD pipelines and third-party integrations
Provide prioritized security requirements to strengthen product security and customer trust

Retail & E-Commerce

Model threats targeting checkout workflows, payment processing, and customer account management
Identify abuse scenarios such as fraud, credential stuffing, and supply chain compromise
Analyze integrations with payment processors, logistics providers, and marketing platforms
Deliver risk-based mitigation strategies to protect revenue, availability, and brand reputation

Manufacturing & Critical Infrastructure

Model threats across applications supporting production systems and IT/OT convergence
Identify attack paths that could impact operational technology and physical processes
Analyze trust relationships between enterprise systems, vendors, and remote access channels
Provide risk-prioritized controls to reduce operational disruption and safety risks

Application-Threat-Modeling

PASTA Threat Modeling for Cybersecurity, a Threat Modeling Example

PASTA Threat Modeling eBook - Risk-Based Threat Modeling Steps

The PASTA Threat Model eBook Risk-Based Threat Modeling

The Process for Attack Simulation and Threat Analysis (PASTA) provides businesses a strategic process for mitigating cybercrime risks by looking first and foremost at cyber threat mitigation as a business problem. The process provides the tactical steps that can be followed to provide effective countermeasures for mitigating existing vulnerabilities by analyzing the attacks that can exploit these vulnerabilities and mapping these attacks to threat scenarios that specifically focus on the application as a business-asset target.

Download eBook →

PASTA Threat Model Methodology
The 7 Stages

1. Define Business Context of Application

This considers the inherent application risk profile and address other business impact considerations early in the SDLC or for given Sprint under Scrum activities.

2. Technology Enumeration

You can’t protect what you don’t know is the philosophy behind this stage. It’s intended to decompose the technology stack that supports the application components that realize the business objectives identified from Stage 1.

Application Decomposition

Focuses on understanding the data flows amongst application components and services in the application threat model.

4. Threat Analysis

Reviews threat assertions from data within the environment as well as industry threat intelligence that is relevant to service, data, and deployment model.

5. Weakness / Vulnerability Identification

Identifies the vulnerabilities and weaknesses within the application design and code and correlates to see if it supports the threat assertions from the prior stage.

6. Attack Simulation

This stage focuses on emulating attacks that could exploit identified weaknesses/vulnerabilities from the prior stage. It helps to also determine the threat viability via attack patterns.

7. Residual Risk Analysis

This stage centers around remediating vulnerabilities or weaknesses in code or design that can facilitate threats and underlying attack patterns. It may warrant some risk acceptance by broader application owners or development managers.

Key Characteristics of
PASTA Risk-Centric Threat Modeling

1. It is a Methodology

If you’re looking for a process to follow, PASTA is designed for that. With seven phases with underlying activities in each phase, this approach is intended to guide new and experienced threat modelers across risk-centric application threat modeling activities.

2. Risk-Focused

PASTA not only looks at the variables of threat, vulnerability, countermeasures, and impact. Most importantly, it considers the probability of each variable and other supporting qualities like threat motives, current threat evidence, and countermeasure effectiveness.

3. Collaborative

Most threat modeling exercises simply include an audience of developers. This is a limited approach since developers depend on design, underlying infrastructure, managed corporate services (e.g. SSO, IAM, PKI, etc.), and the configuration of open frameworks. For this reason, architects, DevOps team members, systems engineers, business analysts, and SOC team members are also good candidates for collaborative threat modeling discussions under PASTA.

4. Prescriptive

In the end, PASTA is focused on providing prescriptive guidance on the exploitable vulnerabilities that are of greater priority. The last phase, residual risk analysis, focuses on addressing security countermeasures to non-accepted application risks and providing remediation alternatives, all depending on the team’s risk impact considerations, threat likelihood, and cost of countermeasure implementation

5. Evidence-based

Concrete evidence around quantitative business impact values, threat information driven threat assertions, and attack trees with probability values on each branch help to denote threat likelihood.

6. Maturity Modeling Integration

Whether you have never done threat modeling before or are a team of security champions, the activities defined within each phase of PASTA can correlate to both BSIMM and OpenSAMM maturity models for secure software development programs. Inquire more on how you can track maturity over time with PASTA and these maturity models.

7. Pre-emptive Compliance

PASTA considers technical requirements for applications as part of its first stage since non-compliance can affect product assurance towards varying regulatory requirements.

Resources

Slides & Presentations, Threat Modeling, VerSprite Security Resources February 20, 2020