Course

Skills

Performing Threat Modeling with the PASTA Methodology

by Prashant Pandey

Do you have a hard time mitigating threats to your applications? Are you confused how to employ threat modeling? This course will teach you how to effectively employ threat modeling to reduce the attack surface of your application. We will use case studies to effectively.

Preview this course

Try for free

Get this course plus top-rated picks in tech skills and other popular topics.

$29.00

per month after 10 day trial

Your 10 day Standard free trial includes

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.

For teams

Give up to 50 users access to our full library including this course free for 30 days

Course info

Level

Intermediate

Updated

Oct 20, 2020

Duration

1h 4m

What you'll learn

If you are familiar with threat modeling as an exercise, you would know that threat modeling involves identification of threats and vulnerabilities in the context of your applications. In this course, Performing Threat Modeling with the PASTA Methodology, you’ll learn to build application threat models using PASTA methodology. First, you’ll explore the fundamentals of threat modeling. Next, you’ll discover how to dissect applications into smaller components followed by threat, vulnerability, and weakness analysis. Finally, you’ll learn how to build attack models. When you’re finished with this course, you’ll have the skills and knowledge of PASTA methodology needed to conduct threat modeling.

Course Overview

1min

Course Overview 2m

Describing the PASTA Methodology

8mins

Defining Business Objectives and Scope Definition

5mins

Defining Business Objectives 3m
Security and Compliance Requirements 1m
Define Business Impact 1m
Define Risk Profile 1m

Definition of Technical Scope

7mins

Defining Technical Scope 3m
Identifying Actors and Data Sources 2m
Understanding Infrastructure and Third Party Code 3m

Performing Application Decomposition

6mins

Performing Application Decomposition 1m
Creating Data Flow Diagrams 2m
Security Functional Analysis and Trust Boundaries 3m

Conducting Threat, Vulnerability, and Weakness Analysis

11mins

Module Overview and Analyzing Threat Scenario 3m
Sources of Threat Feed 2m
Mapping Threats to Assets 4m
Enumerating Vulnerabilities 2m
Mapping Threats to Vulnerabilities 1m

Performing Attack Modeling and Computing Risk and Impact Analysis

12mins

Module Overview and Attack Modeling 1m
Creating Attack Trees 2m
Probability and Impact Analysis 3m
Attack Modeling and Risk Analysis 1m
Probability and Impact Analysis 2m
Risk Treatment Strategies 2m

Case Studies on Utilizing PASTA

10mins

Case Study: Define Objectives 2m
Case Study: Define Technical Scope 1m
Case Study: Application Decomposition 1m
Case Study: Threat Analysis 1m
Case Study: Vulnerability, Weakness Analysis, and Attack Trees 2m
Case Study: Residual Risk Assessment and Management 2m
End Note 1m

Course FAQ

What are the popular threat modeling techniques?

Popular threat modeling techniques include: OCTAVE (Practice Focused), STRIDE (Developer Focused), VAST (Enterpise Focused), Trike (Acceptable Risk Focused), and P.A.S.T.A (Attacker Focused).

What is risk assessment?

In this course, risk assessment means to identify the information assests that could be affected by a cyber attack.

What are the benefits of threat modeling?

Threat modeling assists with identifying, calculating, communicating, and understanding potential threats and how to mitigate them while protecting an application's assets.

What is pasta threat modeling?

P.A.S.T.A threat modeling is a seven-step process that is used to simulate attacks to applications and assess possible defensive solutions.

What is threat modeling?

Threat modeling is a process with the objective of identifying potential vulnerabilities such as the absense of safeguards or structural vulnerabilities.

About the author

Prashant Pandey

With comprehensive experience in Cyber Security, Ethical Hacking, VAPT and Security Consultancy, I aim to bring my experience and knowledge to all professionals in this field. I have tested over 100 web and mobile applications. I have experience with compliance like ISO 27001, GDPR and PCI DSS. My areas of interest include Web and Mobile App Pentesting, Dark Web Intelligence, Cryptography, Enterprise Security, Network Security, ISO Standards and GDPR. I have conducted extensive online and offlin... more

See more courses by Prashant Pandey

Try for free

Get this course plus top-rated picks in tech skills and other popular topics.

$29.00

per month after 10 day trial

Your 10 day Standard free trial includes

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.

For teams

Give up to 50 users access to our full library including this course free for 30 days

Course info

Level

Intermediate

Updated

Oct 20, 2020

Duration

1h 4m

Ready to upskill? Get started

Contact Sales

Performing Threat Modeling with the PASTA Methodology

What you'll learn

Table of contents

Course FAQ

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Contact Sales

Performing Threat Modeling with the PASTA Methodology

What you'll learn

Table of contents

Course FAQ

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Ready to skill up
your entire team?

Ready to skill up
your entire team?