Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Threat Modeling with PASTA - Application Security Case Studies

OWASP Foundation via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore risk-centric threat modeling using the PASTA methodology in this 46-minute conference talk from AppSec EU 2017. Gain insights into preemptive design and coding techniques aligned with application use cases and threat contexts. Examine three detailed case studies covering IoT, E-Commerce, and Mobile Applications. Learn how to harvest and correlate threat patterns, define preemptive controls, and incorporate countermeasures into overall design. Delve into topics such as data flow diagramming, threat analytics, and security architecture. Discover the PASTA framework, risk formulas, probabilistic bands, and other artifacts essential for effective threat modeling. Analyze specific scenarios including consumer electronics, cloud pets, and teddy bears, mapping use cases to potential abuse cases. Understand the process of scenario threat analysis, attack tree construction, and residual risk assessment across various industries including healthcare and mobile applications.

Syllabus

Introduction
Who is Tony
What is Threat Modeling
PASTA
Threat vs Attack
Blind Threat Model
PASTA Framework
Risk Formula
Probabilistic Bands
Other Artifacts
Case Study Consumer Electronics
Case Study Cloud Pets
Case Study Teddy Bear
Use Cases
Abuse Cases
Unauthenticated Requests
Generic Attributes
Mapping Use Cases
Scenario Threat Analysis
Stage 4 Threat Modeling
Stage 6 Attack Trees
Residual Risk Analysis
Health Care
Mobile Application
Technology Components
Data Flow Diagram
Threat Analysis
Three main differentiators
Private questions
PASTA examples

Taught by

OWASP Foundation

Reviews

Start your review of Threat Modeling with PASTA - Application Security Case Studies

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.