Process for Attack Simulation and Threat Analysis (PASTA)

Risk Centric Threat Modeling

What is PASTA?

PASTA is the Process for Attack Simulation & Threat Analysis and is a risk centric threat modeling methodology aimed at identifying viable threat patterns against an application or system environment. Built around the idea of addressing likely attack patterns to high impact use cases, this approach integrates extremely well into a process of risk management.

The focus of this presentation is how a more integrated approach to threat modeling, based upon risk analysis, can help developers, architects, security professional and risk leaders understand what is more at stake, both with inherent risks as well as with residual risk.

This presentation reviews application threat modeling approaches and dives into risk centric threat models using the PASTA methodology. Each of the seven phases are covered, and practitioners will learn how to not only leverage risk centric threat modeling for improved application risk assessment efforts, but also learn how audit controls can be integrated into this process as well.

By leveraging threat intelligence data and exploitation exercises, the quality of the risk analysis for applications will be improved.

We are an international squad of professionals working as one.