SECURITY RESOURCES

Offensive minded security exploit development
What is Threat Modeling?

Threat Modeling

What is Threat Modeling?

A common question asked by people new to the specifics of cybersecurity. Threat modeling is a practical measure used to protect your business’ data and networks from cyber threats and attacks.

Read About Threat Modeling
A Pasta Threat Modeling Solution for Complex Cybersecurity Tasks

A Pasta Threat Modeling Solution for Complex Cybersecurity Tasks

PASTA is not a complicated static framework. It’s an agile methodology that breaks down and solves complex cybersecurity tasks, allows scaling, and evolves with the cybersecurity landscape and business goals.

Read About PASTA
The Process for Attack Simulation and Threat Analysis

Cybersecurity Library, Ebooks & Guides, Threat Modeling, VerSprite Security Resources

The Process for Attack Simulation and Threat Analysis

PASTA is the Process for Attack Simulation & Threat Analysis and is a risk-centric threat modeling methodology aimed at identifying viable threat patterns against an application or system environment.

Download eBook
Threat Modeling: A Comprehensive Guide

Threat Modeling: A Comprehensive Guide

In this model, you will see engineers, network professionals, developers, architects, business analysts, project managers, security champions, pentesters, and quality assurance engineers. Because they all have some level of involvement and collaboration at different stages of application, as well as organizational, threat modeling ensures effective results.

Learn About Threat Modeling
Using Risk-Based Threat Modeling to Protect Your Supply Chain

Cybersecurity Library, Ebooks & Guides, Supply Chains, VerSprite Security Resources

Using Risk-Based Threat Modeling to Protect Your Supply Chain

Why are supply chains a popular target for cybercriminals? VerSprite CEO, Tony UcedaVélez, introduces our risk-based threat modeling approach, PASTA, and how it allows organizations to better protect their supply chain software from threat actors.

Read About Risk-Based Threat Modeling
Attacking Your Assumptions: How Criminal Tactics Can Save Your Organization

Attacking Your Assumptions: How Criminal Tactics Can Save Your Organization

In this article, VerSprite’s Offensive Security team explore the difference between common security risk assessments (vulnerability assessment, penetration testing, and red teaming) as we walk you through real exploits we have used to test organizations’ security protocols.

Read About Criminal Tactics

Category

View All
Healthcare Threat Modeling Vignettes
Slides & Presentations, Threat Modeling, VerSprite Security Resources

Healthcare Threat Modeling Vignettes

HITECH /HIPAA Privacy Rule Medical Record Retention
Governance Risk & Compliance, Information Security Management System (ISMS), Regulatory Compliance

HITECH /HIPAA Privacy Rule Medical Record Retention

WD My Cloud Command Injection – Access All Private Folders
Cloud Security, VerSprite Security Resources, Videos

WD My Cloud Command Injection – Access All Private Folders

Command Injection in the WD My Cloud NAS
Application Security, Cloud Security, Information Security Management System (ISMS)

Command Injection in the WD My Cloud NAS

WD My Cloud Command Injection – Remote Root with WebRTC
Cloud Security, VerSprite Security Resources, Videos

WD My Cloud Command Injection – Remote Root with WebRTC

Anti-Nausea Medicine for LastPass, Password Management FUD
Application Security, Governance Risk & Compliance, Information Security Management System (ISMS), Regulatory Compliance

Anti-Nausea Medicine for LastPass, Password Management FUD

Why Threat-Free Threat Modeling Doesn’t Work
Application Security, Threat Modeling

Why Threat-Free Threat Modeling Doesn’t Work

Into the Jar | Jsonpickle Exploitation
Application Security, Security Research

Into the Jar | Jsonpickle Exploitation

Assessing Emerging JavaScript Platforms with Express.js and Node.js – What to Look For
Application Security, Information Security Management System (ISMS)

Assessing Emerging JavaScript Platforms with Express.js and Node.js – What to Look For

Android Titan SMS Trojan Analysis | Part One
Application Security, Mobile Security Testing, Security Research

Android Titan SMS Trojan Analysis | Part One

Security Metrics Rehab – Part One
Governance Risk & Compliance, Information Security Management System (ISMS)

Security Metrics Rehab – Part One

Multiple Vulnerabilities in Mercury Browser for Android Version 2.2.2 & 3.0.0
Application Security, Mobile Security Testing, Security Research

Multiple Vulnerabilities in Mercury Browser for Android Version 2.2.2 & 3.0.0

Android InfoStealer – Godwon – Analysis
Application Security, Mobile Security Testing, Security Research

Android InfoStealer – Godwon – Analysis

Android Emulator Detection
Application Security, Mobile Security Testing, Security Research

Android Emulator Detection

Baidu Browser for Android Insecurely Handles the Intent Url Scheme
Application Security, Mobile Security Testing, Security Research

Baidu Browser for Android Insecurely Handles the Intent Url Scheme

ci cd security, devsecops ci/cd, web app pen testing

Subscribe for Our
Updates

Please enter your email address and receive the latest updates