PASTA Threat Modeling for Cybersecurity | OWASP All Chapters 2020 Presentation

Video description: PASTA Threat Modeling for Cybersecurity | OWASP All Chapters 2020 Presentation

How do you incorporate a risk-centric approach to your threat models and security program? How do you bring context to cybersecurity risks? How do you create a stronger business threat model or application threat model?

This webinar is an introduction to a risk-centric approach to threat modeling and to PASTA Threat Modeling. PASTA threat model co-creator, Tony UcedaVélez, will walk you through what PASTA is and how to apply it to your own cybersecurity operations. We welcome all software and application developers, architects, and security professionals to join us in creating stronger threat models.

This presentation was part of the OWASP All Chapters Day 2020 as Cooking with PASTA and is also available on their channel here: OWASP Chapters All Day - Hour 08 - At...


// MORE PASTA RESOURCES AT VERSPRITE //
✦ Learn More About PASTA: https://versprite.com/security-offeri...
✦ Download an Excerpt From Tony’s Book on PASTA: https://versprite.com/security-testin...
✦ Blog - Threat Models as Blueprints for Threat Intelligence, Threat Data (SOCs): https://versprite.com/blog/threat-int...


// TIMESTAMPS //
00:00 – Welcome to Cooking with Pasta by Tony UcedaVélez
01:24 – Who is Tony UcedaVélez? Creator of PASTA Threat Modeling
02:23 – Presentation Overview
02:58 – What is the PASTA Threat Modeling Methodology? What is Application Risk?
04:07 – A Brief Breakdown of each of the PASTA methodology stages
08:50 – What is the Process for Attack Simulation & Threat Analysis (PASTA Threat Modeling) and what is its value?
10:55 – What are some of the supporting activities to PASTA? Integrating existing security efforts to PASTA stages.
11:51 – Stage 1: How to define the objectives of the business or application to create the threat model and incorporate governance and compliance.
15:42 – Stage 2: How to define the technical scope. Understanding the application attack surface and knowing what it is you’re protecting.
21:29 – Stage 3: How to break down application components (decomposition). This stage maps the relationship between components and answers, “How does this all come together?”
26:27 – Stage 4: Threat Intelligence Consumption & Analysis. How to rethink detection response using context.
33:50 – Stage 5: Vulnerability Analysis and Weakness Analysis. How to map vulnerabilities/weaknesses to components of the application model that support the threat goals.
43:10 – Stage 6: The Attack Modeling Phase. How to build threat-inspired attack patterns and test threats for viability.
50:39 – Stage 7: How to perform more effective residual risk analysis. Focusing on countermeasures that reduce risk to the application risk profile and overall business impact.
59:59 – Q&A and Farewells


// ABOUT TONY //
Tony UcedaVélez is the co-creator of the Process for Attack Simulation & Threat Analysis and the CEO of VerSprite. Tony has over 25 years of IT/InfoSec work across a vast range of industries. He is also the OWASP leader for Atlanta, GA.

Connect with Tony:
✦ LinkedIn: /tonyuv
✦ Twitter: /t0nyuv


// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //
✦ VerSprite: https://versprite.com/
✦ LinkedIn: /versprite-llc
✦ Twitter: /versprite
✦ YouTube: /@versprite


// ABOUT VERSPRITE //
VerSprite is a leader in operational risk management and security advisory services, enabling businesses to improve the protection of critical assets, ensuring compliance and managing risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it’s important to protect your organization’s assets, protect your clients and to maintain the same, great reputation and trust you’ve worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and better business outcomes overall.
✦ Visit our website: https://versprite.com/

#threatmodeling #cybersecuritytraining #pastathreatmodel
