Performing Threat Modeling with the PASTA Methodology

Do you have a hard time mitigating threats to your applications? Are you confused how to employ threat modeling? This course will teach you how to effectively employ threat modeling to reduce the attack surface of your application. We will use case studies to effectively.
Course info
Level
Intermediate
Updated
Oct 20, 2020
Duration
1h 4m
Table of contents
Description
Course info
Level
Intermediate
Updated
Oct 20, 2020
Duration
1h 4m
Description

If you are familiar with threat modeling as an exercise, you would know that threat modeling involves identification of threats and vulnerabilities in the context of your applications. In this course, Performing Threat Modeling with the PASTA Methodology, you’ll learn to build application threat models using PASTA methodology. First, you’ll explore the fundamentals of threat modeling. Next, you’ll discover how to dissect applications into smaller components followed by threat, vulnerability, and weakness analysis. Finally, you’ll learn how to build attack models. When you’re finished with this course, you’ll have the skills and knowledge of PASTA methodology needed to conduct threat modeling.

Course FAQ
Course FAQ
What are the popular threat modeling techniques?

Popular threat modeling techniques include: OCTAVE (Practice Focused), STRIDE (Developer Focused), VAST (Enterpise Focused), Trike (Acceptable Risk Focused), and P.A.S.T.A (Attacker Focused).

What is risk assessment?

In this course, risk assessment means to identify the information assests that could be affected by a cyber attack.

What are the benefits of threat modeling?

Threat modeling assists with identifying, calculating, communicating, and understanding potential threats and how to mitigate them while protecting an application's assets.

What is pasta threat modeling?

P.A.S.T.A threat modeling is a seven-step process that is used to simulate attacks to applications and assess possible defensive solutions.

What is threat modeling?

Threat modeling is a process with the objective of identifying potential vulnerabilities such as the absense of safeguards or structural vulnerabilities.

About the author
About the author

Cyber Security professional with experience of working as consultant, Appsec, SecOps and Compliance Management. I have experience in Web and Mobile App Pentesting, Cryptography, ISO 27001, Network security and Security Engineering

More from the author
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hello everyone. My name is Prashant Pandey, and welcome to my course Performing Threat Modeling with the PASTA Methodology. I'm a security consultant and penetration tester by profession. I hold CISSP and ISO 27001 Lead Auditor certifications. If you are familiar with threat modeling as an exercise you would know that threat modeling involves identification of threats and vulnerabilities in context of your applications or your crown jewels. PASTA takes this approach a step forward by combining the time‑tested risk assessment methodology and coupling this with the threat modeling exercise. PASTA methodology involves identifying the threats and vulnerabilities along with their impact. We calculate the risk level and plan the treatment of these risks. By the end of this course you will be able to independently conduct threat modeling on your applications using the PASTA methodology. Before starting this course you should be familiar and have a high‑level understanding of concepts like threat modeling, risk assessment, business impact analysis, penetration testing, and security monitoring. All these topics are covered in great details in different courses of Pluralsight. I hope you'll join me on this course to learn risk centric threat modeling with this course on Performing Threat Modeling with the PASTA Methodology at Pluralsight. Enjoy the course.