Performing Threat Modeling with the PASTA Methodology

By Prashant Pandey
Do you have a hard time mitigating threats to your applications? Are you confused how to employ threat modeling? This course will teach you how to effectively employ threat modeling to reduce the attack surface of your application. We will use case studies to effectively.
Play course overview
Course info
Level
Intermediate
Updated
Oct 20, 2020
Duration
1h 4m
Table of contents
Course Overview
Course Overview 2m
Describing the PASTA Methodology
First Look at the PASTA Methodology 2m Inputs to PASTA Methodology 1m Choosing the Right Team 1m Steps of PASTA Methodology 4m
Defining Business Objectives and Scope Definition
Defining Business Objectives 3m Security and Compliance Requirements 1m Define Business Impact 1m Define Risk Profile 1m
Definition of Technical Scope
Defining Technical Scope 3m Identifying Actors and Data Sources 2m Understanding Infrastructure and Third Party Code 3m
Performing Application Decomposition
Performing Application Decomposition 1m Creating Data Flow Diagrams 2m Security Functional Analysis and Trust Boundaries 3m
Conducting Threat, Vulnerability, and Weakness Analysis
Module Overview and Analyzing Threat Scenario 3m Sources of Threat Feed 2m Mapping Threats to Assets 4m Enumerating Vulnerabilities 2m Mapping Threats to Vulnerabilities 1m
Performing Attack Modeling and Computing Risk and Impact Analysis
Module Overview and Attack Modeling 1m Creating Attack Trees 2m Probability and Impact Analysis 3m Attack Modeling and Risk Analysis 1m Probability and Impact Analysis 2m Risk Treatment Strategies 2m
Case Studies on Utilizing PASTA
Case Study: Define Objectives 2m Case Study: Define Technical Scope 1m Case Study: Application Decomposition 1m Case Study: Threat Analysis 1m Case Study: Vulnerability, Weakness Analysis, and Attack Trees 2m Case Study: Residual Risk Assessment and Management 2m End Note 1m
Description
Course info
Level
Intermediate
Updated
Oct 20, 2020
Duration
1h 4m
Description

If you are familiar with threat modeling as an exercise, you would know that threat modeling involves identification of threats and vulnerabilities in the context of your applications. In this course, Performing Threat Modeling with the PASTA Methodology, you’ll learn to build application threat models using PASTA methodology. First, you’ll explore the fundamentals of threat modeling. Next, you’ll discover how to dissect applications into smaller components followed by threat, vulnerability, and weakness analysis. Finally, you’ll learn how to build attack models. When you’re finished with this course, you’ll have the skills and knowledge of PASTA methodology needed to conduct threat modeling.

Course FAQ
Course FAQ
What are the popular threat modeling techniques?

Popular threat modeling techniques include: OCTAVE (Practice Focused), STRIDE (Developer Focused), VAST (Enterpise Focused), Trike (Acceptable Risk Focused), and P.A.S.T.A (Attacker Focused).

What is risk assessment?

In this course, risk assessment means to identify the information assests that could be affected by a cyber attack.

What are the benefits of threat modeling?

Threat modeling assists with identifying, calculating, communicating, and understanding potential threats and how to mitigate them while protecting an application's assets.

What is pasta threat modeling?

P.A.S.T.A threat modeling is a seven-step process that is used to simulate attacks to applications and assess possible defensive solutions.

What is threat modeling?

Threat modeling is a process with the objective of identifying potential vulnerabilities such as the absense of safeguards or structural vulnerabilities.

About the author
Prashant Pandey
About the author

Cyber Security professional with experience of working as consultant, Appsec, SecOps and Compliance Management. I have experience in Web and Mobile App Pentesting, Cryptography, ISO 27001, Network security and Security Engineering

More from the author
Building and Implementing an Enterprise-level Phishing Program
Advanced
48m
Feb 21, 2020
Developing and Implementing Vulnerability Management Programs
Advanced
1h 20m
Oct 4, 2019
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hello everyone. My name is Prashant Pandey, and welcome to my course Performing Threat Modeling with the PASTA Methodology. I'm a security consultant and penetration tester by profession. I hold CISSP and ISO 27001 Lead Auditor certifications. If you are familiar with threat modeling as an exercise you would know that threat modeling involves identification of threats and vulnerabilities in context of your applications or your crown jewels. PASTA takes this approach a step forward by combining the time‑tested risk assessment methodology and coupling this with the threat modeling exercise. PASTA methodology involves identifying the threats and vulnerabilities along with their impact. We calculate the risk level and plan the treatment of these risks. By the end of this course you will be able to independently conduct threat modeling on your applications using the PASTA methodology. Before starting this course you should be familiar and have a high‑level understanding of concepts like threat modeling, risk assessment, business impact analysis, penetration testing, and security monitoring. All these topics are covered in great details in different courses of Pluralsight. I hope you'll join me on this course to learn risk centric threat modeling with this course on Performing Threat Modeling with the PASTA Methodology at Pluralsight. Enjoy the course.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT