Using Risk-Based Threat Modeling to Protect Your Supply Chain
Risk-Based Offensive Threat Models Against the Supply Chain
VerSprite CEO Tony UcedaVelez presents offensive threat models against the supply chain. Threat models are often used by security champions to discover flaws in application environments. Many threat models are built through a defensive lens, foregoing realistic attack patterns that reflect adversarial goals vs. simply using a limited, non-mutable threat category. This presentation focuses on applying a more adversarial threat model to supply chain systems that are integrated into client environments.
Watch the webinar to learn:
- What is risk-based threat modeling and why does it differ from the standard threat model framework
- Why supply chain software is highly attractive to cyber criminals
- Supply chain threat actors and patterns
- How to build your defensive measures with attack patterns that are more realistic based upon criminal cyber trends
AppSecCali 2019 | Offensive Threat Models Against the Supply Chain
Risk-Based Threat Modeling
VerSprite’s approach to threat modeling provides a risk-based approach that is backed by evidence. VerSprite’s security experts correlate real threats to your attack surface of application components and identify risk by first understanding the context of what the software or application is intended to do for the business or its clients. We also conduct exploitation tests that support threat motives within the model to validate whether they are probabilistic. Correlating viability with sustained impact allows this methodology to resonate as a highly effective risk-focused threat modeling approach. Learn how we can tailor our threat modeling approach to fit your overall organization’s security needs. Learn more →
PASTA Threat Modeling: The Process for Attack Simulation and Threat Analysis
VerSprite leverages our PASTA (Process for Attack Simulation and Threat Analysis) methodology to apply a risk-based approach to threat modeling. This methodology integrates business impact, inherent application risk, trust boundaries among application components, correlated threats, and attack patterns that exploit identified weaknesses from the threat modeling exercises.
Subscribe for Our Updates
Please enter your email address and receive the latest updates.