Explore the advanced Stage IV of PASTA, the world's only risk-centric threat modeling methodology, in this 49-minute LASCON conference talk. Discover how threat intelligence and threat data play a crucial role in building highly contextualized threat models for applications. Learn the process of incorporating threat data (such as firewall alerts, WAF alerts, and EDR alerts) and threat intelligence (including threat advisories on embedded libraries, active threat campaigns, and exploits in the wild reports) to substantiate attack patterns and threat objectives. Understand how organizational incidents can shape the development of a robust threat library in threat modeling. Gain insights into creating a credible threat library and leveraging it to develop a tactical blueprint for effective exploit testing and penetration testing.
PASTA Threat Modeling: Leveraging Incident Response and Threat Intelligence for Tactical Penetration Testing
Overview
Syllabus
Tony UV - PASTA Threat Modeling & Leveraging IR, Threat Intelligence as Means for Tactical Pen Test
Taught by
LASCON
Related Courses
-
Penetration Testing, Threat Hunting, and Cryptography
-
Intro to Cyber Threat Intelligence
-
Penetration Testing Execution Standard (PTES)
-
Threat Modeling with PASTA - Application Security Case Studies
-
Cyber Threat Intelligence Demystified - Leveraging Intelligence for Effective Cybersecurity
-
Tales from Incident Response - Unmasking the Threat Actor's Inner Sanctum
