AppSec EU 2017: Modeling Threats for Applications

Threat Modeling with PASTA

Developers need prescriptive guidance on preemptive design and coding techniques. This can be done blindly or in alignment to both application use cases and the context of abuse cases or threats.

This talk speaks to case studies in risk centric threat modeling with the PASTA (Process for Attack Simulation and Threat Analysis) methodology and provides 3 use cases of IoT, E-Commerce, and Mobile Applications. This talk assumes that a basic understanding of data flow diagramming, pen testing, security architecture, and threat analytics is understood by the audience.

Modeling Threats for Applications

This talk also centers around the idea of modeling threats for applications based upon a higher propensity of threat intelligence, how to harvest and correlate threat patterns to your threat model, and how to correlate a threat model to defining preemptive controls and countermeasures to include in the overall design.

What is PASTA?

PASTA is the Process for Attack Simulation & Threat Analysis and is a risk centric threat modeling methodology aimed at identifying viable threat patterns against an application or system environment. Built around the idea of addressing likely attack patterns to high impact use cases, this approach integrates extremely well into a process of risk management.View PASTA Presentation →

Download PASTA Presentation →