Explore risk-centric threat modeling using the PASTA methodology in this 46-minute conference talk from AppSec EU 2017. Gain insights into preemptive design and coding techniques aligned with application use cases and threat contexts. Examine three detailed case studies covering IoT, E-Commerce, and Mobile Applications. Learn how to harvest and correlate threat patterns, define preemptive controls, and incorporate countermeasures into overall design. Delve into topics such as data flow diagramming, threat analytics, and security architecture. Discover the PASTA framework, risk formulas, probabilistic bands, and other artifacts essential for effective threat modeling. Analyze specific scenarios including consumer electronics, cloud pets, and teddy bears, mapping use cases to potential abuse cases. Understand the process of scenario threat analysis, attack tree construction, and residual risk assessment across various industries including healthcare and mobile applications.
Threat Modeling with PASTA - Application Security Case Studies
Overview
Syllabus
Introduction
Who is Tony
What is Threat Modeling
PASTA
Threat vs Attack
Blind Threat Model
PASTA Framework
Risk Formula
Probabilistic Bands
Other Artifacts
Case Study Consumer Electronics
Case Study Cloud Pets
Case Study Teddy Bear
Use Cases
Abuse Cases
Unauthenticated Requests
Generic Attributes
Mapping Use Cases
Scenario Threat Analysis
Stage 4 Threat Modeling
Stage 6 Attack Trees
Residual Risk Analysis
Health Care
Mobile Application
Technology Components
Data Flow Diagram
Threat Analysis
Three main differentiators
Private questions
PASTA examples
Taught by
OWASP Foundation
