Performing Threat Modeling with the PASTA Methodology
Course info



Course info



Description
If you are familiar with threat modeling as an exercise, you would know that threat modeling involves identification of threats and vulnerabilities in the context of your applications. In this course, Performing Threat Modeling with the PASTA Methodology, you’ll learn to build application threat models using PASTA methodology. First, you’ll explore the fundamentals of threat modeling. Next, you’ll discover how to dissect applications into smaller components followed by threat, vulnerability, and weakness analysis. Finally, you’ll learn how to build attack models. When you’re finished with this course, you’ll have the skills and knowledge of PASTA methodology needed to conduct threat modeling.
Course FAQ
Popular threat modeling techniques include: OCTAVE (Practice Focused), STRIDE (Developer Focused), VAST (Enterpise Focused), Trike (Acceptable Risk Focused), and P.A.S.T.A (Attacker Focused).
In this course, risk assessment means to identify the information assests that could be affected by a cyber attack.
Threat modeling assists with identifying, calculating, communicating, and understanding potential threats and how to mitigate them while protecting an application's assets.
P.A.S.T.A threat modeling is a seven-step process that is used to simulate attacks to applications and assess possible defensive solutions.
Threat modeling is a process with the objective of identifying potential vulnerabilities such as the absense of safeguards or structural vulnerabilities.
Section Introduction Transcripts
Course Overview
Hello everyone. My name is Prashant Pandey, and welcome to my course Performing Threat Modeling with the PASTA Methodology. I'm a security consultant and penetration tester by profession. I hold CISSP and ISO 27001 Lead Auditor certifications. If you are familiar with threat modeling as an exercise you would know that threat modeling involves identification of threats and vulnerabilities in context of your applications or your crown jewels. PASTA takes this approach a step forward by combining the time‑tested risk assessment methodology and coupling this with the threat modeling exercise. PASTA methodology involves identifying the threats and vulnerabilities along with their impact. We calculate the risk level and plan the treatment of these risks. By the end of this course you will be able to independently conduct threat modeling on your applications using the PASTA methodology. Before starting this course you should be familiar and have a high‑level understanding of concepts like threat modeling, risk assessment, business impact analysis, penetration testing, and security monitoring. All these topics are covered in great details in different courses of Pluralsight. I hope you'll join me on this course to learn risk centric threat modeling with this course on Performing Threat Modeling with the PASTA Methodology at Pluralsight. Enjoy the course.