PASTA is the Process for Attack Simulation & Threat Analysis and is a risk centric threat modeling methodology aimed at identifying viable threat patterns against an application or system environment. Built around the idea of addressing likely attack patterns to high impact use cases, this approach integrates extremely well into a process of risk management.
The focus of this presentation is how a more integrated approach to threat modeling, based upon risk analysis, can help developers, architects, security professional and risk leaders understand what is more at stake, both with inherent risks as well as with residual risk.
This presentation reviews application threat modeling approaches and dives into risk centric threat models using the PASTA methodology. Each of the seven phases are covered, and practitioners will learn how to not only leverage risk centric threat modeling for improved application risk assessment efforts, but also learn how audit controls can be integrated into this process as well.