In this video, Tony UV explains threat modeling using the Process for Attack Simulation for Threat Analysis (PASTA) threat modeling framework, which he co-founded. You'll learn how the 7 steps of PASTA build on each other. PASTA is a popular, widely used risk-centric threat modeling framework that provides context to the threats facing your individual application environment and can be integrated into the DNA of your development lifecycle to create a security-first culture.

Threat modeling is a process of identifying potential and real vulnerabilities by creating a threat library. It allows you to look at your threats from a business impact perspective: what are you trying to protect, what assets do you have, how big is your attack surface? The PASTA method allows you to go into more detail by identifying the most likely attackers and understanding their motivations, goals and capabilities to reverse engineer more accurate attack vectors using custom attack trees.

Threat modeling looks not only at the compliance that is tested in standard security testing, but also at what threat actors are testing that is not covered by compliance regulations.

Download the full PASTA eBook to learn more: https://versprite.com/ebooks/leveraging-risk-centric-threat-models-for-integrated-risk-management/

00:00 Level 0: What is PASTA threat modeling?
00:40 Phase 1: Define goals
04:24 Phase 2: Define the technical phase
07:21 Phase 3: Disassembling the application
11:57 Phase 4: Analyze the threats
18:26 Phase 5: Vulnerability Analysis
24:35 Phase 6: Attack Analysis (How to create an attack tree)
29:55 Phase 7: Risk and impact analysis

// FIND VERSPRITE'S CYBERSECURITY TEAM ONLINE //
VerSprite: https://versprite.com/
LinkedIn: https://www.linkedin.com/versprite-llc/
Twitter: https://twitter.com/versprite/
YouTube: https://www.youtube.com/channel/UCpO73NdAEmRl2Z12fgoY_sw
Learn more about PASTA: https://versprite.com/ebooks/leveraging-risk-centric-threat-models-for-integrated-risk-management/

// ABOUT VERSPRITE //
VerSprite is a leading provider of risk-based cybersecurity services and PASTA threat modeling, enabling organizations to improve protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization's cybersecurity posture. With the increasing number and sophistication of cyberattacks, it is important to protect your company's assets and your customers and maintain the same reputation and trust you have worked hard to build. We believe an integrated approach leads to better and more cost-effective security practices and better overall business results.

Visit our website: https://versprite.com/

#ThreatModel #PASTAThreatModeling #ThreatModelingFramework

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.