Web Security: Discover & Attack Vulnerabilities with PASTA Threat Modeling

Making Web Security PASTA – BSidesATL 2011

Written By: Tony UcedaVélez


Discover & Attack Vulnerabilities

Process for Attack Simulation & Threat Analysis (PASTA) is an asset-centric (or risk-based) threat modeling methodology that connects the security dots within a given SDLC: how to discover vulnerabilities, attack them, apply the right countermeasures, and more.

Application Security Assessments

Today’s application assessment options are both misunderstood and misapplied when assessing web applications or any application environment.

Oftentimes, traditional security tools and testing methods seem to compete with one another instead of supporting a common goal, especially when trying to foster a ‘build security in’ doctrine.

The concept of building security in has been discussed for some time, yet it has gained no real traction among various adopters. Even with the information and support around frameworks such as the Software Assurance Maturity Model (SAMM) and Building Security-In Maturity Model (BSIMM), adoption is slower than anticipated.

The outlined process will provide a way in which BSIMM or SAMM can be sustained, via an anchored and repeatable threat modeling process.

Learn the PASTA Threat Modeling Process

Watch the video below to learn the PASTA process and go through key exercises that relate to application decomposition, including but not limited to data flow diagramming, attack tree build-outs, and countermeasure development.

PASTA Threat Modeling

Risk Centric Threat Modeling:
Process for Attack Simulation & Threat Analysis

VerSprite leverages our PASTA (Process for Attack Simulation & Threat Analysis) methodology to apply a risk-based approach to threat modeling. This methodology integrates business impact, inherent application risk, trust boundaries amongst application components, correlated threats, and attack patterns that exploit identified weaknesses from the threat modeling exercises.
