SECURITY RESOURCES

Offensive minded security exploit development
What is Threat Modeling?

Threat Modeling

What is Threat Modeling?

A common question asked by people new to the specifics of cybersecurity. Threat modeling is a practical measure used to protect your business’ data and networks from cyber threats and attacks.

Read About Threat Modeling
A Pasta Threat Modeling Solution for Complex Cybersecurity Tasks

A Pasta Threat Modeling Solution for Complex Cybersecurity Tasks

PASTA is not a complicated static framework. It’s an agile methodology that breaks down and solves complex cybersecurity tasks, allows scaling, and evolves with the cybersecurity landscape and business goals.

Read About PASTA
The Process for Attack Simulation and Threat Analysis

Cybersecurity Library, Ebooks & Guides, Threat Modeling, VerSprite Security Resources

The Process for Attack Simulation and Threat Analysis

PASTA is the Process for Attack Simulation & Threat Analysis and is a risk-centric threat modeling methodology aimed at identifying viable threat patterns against an application or system environment.

Download eBook
Threat Modeling: A Comprehensive Guide

Threat Modeling: A Comprehensive Guide

In this model, you will see engineers, network professionals, developers, architects, business analysts, project managers, security champions, pentesters, and quality assurance engineers. Because they all have some level of involvement and collaboration at different stages of application, as well as organizational, threat modeling ensures effective results.

Learn About Threat Modeling
Using Risk-Based Threat Modeling to Protect Your Supply Chain

Cybersecurity Library, Ebooks & Guides, Supply Chains, VerSprite Security Resources

Using Risk-Based Threat Modeling to Protect Your Supply Chain

Why are supply chains a popular target for cybercriminals? VerSprite CEO, Tony UcedaVélez, introduces our risk-based threat modeling approach, PASTA, and how it allows organizations to better protect their supply chain software from threat actors.

Read About Risk-Based Threat Modeling
Attacking Your Assumptions: How Criminal Tactics Can Save Your Organization

Attacking Your Assumptions: How Criminal Tactics Can Save Your Organization

In this article, VerSprite’s Offensive Security team explore the difference between common security risk assessments (vulnerability assessment, penetration testing, and red teaming) as we walk you through real exploits we have used to test organizations’ security protocols.

Read About Criminal Tactics

Category

View All
Attack Trees for Containers as a Service (CaaS)
Slides & Presentations, VerSprite Security Resources

Attack Trees for Containers as a Service (CaaS)

Organizational Threat Models – Atlanta Cyber Security Summit 2016
Slides & Presentations, Threat Modeling, VerSprite Security Resources

Organizational Threat Models – Atlanta Cyber Security Summit 2016

CRESTCON 2019: Threat Modeling for Defense and Offense
Threat Modeling, VerSprite Security Resources, Videos

CRESTCON 2019: Threat Modeling for Defense and Offense

Maturing 3rd Party Vendor Risk Programs
Slides & Presentations, VerSprite Security Resources

Maturing 3rd Party Vendor Risk Programs

Cyber Liability Insurance and Your Security Program – How They Fit
VerSprite Security Resources, Videos, Webinars

Cyber Liability Insurance and Your Security Program – How They Fit

US Company Exploring FinTech
Geopolitical Risk, Possible Use Cases, VerSprite Security Resources

US Company Exploring FinTech

Modernizing the Telecommunications Industry
Geopolitical Risk, Possible Use Cases, VerSprite Security Resources

Modernizing the Telecommunications Industry

Risk Centric Threat Modeling: AppSec, Risk, Compliance Convergence | CSX North American Conference
Slides & Presentations, VerSprite Security Resources

Risk Centric Threat Modeling: AppSec, Risk, Compliance Convergence | CSX North American Conference

Healthcare Threat Modeling Vignettes
Slides & Presentations, Threat Modeling, VerSprite Security Resources

Healthcare Threat Modeling Vignettes

HITECH /HIPAA Privacy Rule Medical Record Retention
Governance Risk & Compliance, Information Security Management System (ISMS), Regulatory Compliance

HITECH /HIPAA Privacy Rule Medical Record Retention

WD My Cloud Command Injection – Access All Private Folders
Cloud Security, VerSprite Security Resources, Videos

WD My Cloud Command Injection – Access All Private Folders

Command Injection in the WD My Cloud NAS
Application Security, Cloud Security, Information Security Management System (ISMS)

Command Injection in the WD My Cloud NAS

WD My Cloud Command Injection – Remote Root with WebRTC
Cloud Security, VerSprite Security Resources, Videos

WD My Cloud Command Injection – Remote Root with WebRTC

Anti-Nausea Medicine for LastPass, Password Management FUD
Application Security, Governance Risk & Compliance, Information Security Management System (ISMS), Regulatory Compliance

Anti-Nausea Medicine for LastPass, Password Management FUD

Why Threat-Free Threat Modeling Doesn’t Work
Application Security, Threat Modeling

Why Threat-Free Threat Modeling Doesn’t Work

ci cd security, devsecops ci/cd, web app pen testing

Subscribe for Our
Updates

Please enter your email address and receive the latest updates