What are the 7 Stages of PASTA Threat Modeling Framework?

In this video, Tony UV explains threat modeling using the Process for Attack Simulation for Threat Analysis (PASTA) threat modeling framework that he co-founded. You’ll learn how each of the 7 steps of PASTA builds upon each other. PASTA is a popular, widely adapted risk-centric threat modeling framework that brings context to your unique application environment threats and can be threaded into the DNA of your development lifecycle to create a security-first culture.

Threat modeling is a process of identifying potential and real vulnerabilities by creating a threat library. You will be able to look at your threats through the lens of business impact: what are you trying to protect, what assets do you have, what is your attack surface? The PASTA methodology allows you to get more granular by identifying the most likely attackers and understanding their motivations, goals, and abilities to reverse engineer more accurate attack vectors by way of custom attack trees.

Threat modeling looks at not only what standard security testing looks at for compliance, but what threat actors look at that is not covered under compliance regulations.


🌐 Download the Full PASTA eBook to learn more: https://versprite.com/ebooks/leveragi...

00:00 Stage 0: What is PASTA threat modeling?
00:40 Stage 1: Define the Objectives
04:24 Stage 2: Define the Technical Stage
07:21 Stage 3: Decompose the Application
11:57 Stage 4: Analyze the Threats
18:26 Stage 5: Vulnerability Analysis
24:35 Stage 6: Attack Analysis (How to create an Attack Tree)
29:55 Stage 7: Risk and Impact Analysis

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //
✦ VerSprite: https://versprite.com/
✦ LinkedIn:   / versprite-llc  
✦ Twitter:   / versprite  
✦ YouTube:    / @versprite  
✦ Learn More About PASTA: https://versprite.com/ebooks/leveragi...


// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensuring compliance, and managing risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is important to protect your organization’s assets, protect your clients, and to maintain the same, great reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and better business outcomes overall.

✦ Visit our website: https://versprite.com/

#threatmodel #PASTAthreatmodeling #threatmodelframework