What is PASTA Threat Modeling?
Versprite Blog – Tony Ucedavélez
The Process of Attack Simulation and Threat Analysis (PASTA) is a risk-centric threat modeling methodology co-founded in 2015 by VerSprite CEO Tony UcedaVélez and security leader Marco M. Morana. Organizations all over the world, like GitLab, are adopting PASTA as their internal threat modeling standard because of its risk-centric approach, collaborative tendencies, evidence-based threat intel, and focus on the probability of each attack.
Benefits of PASTA Threat Modeling:
- Contextualized approach that always ties back to business context
- Simulates and tests the viability of evidence-based threats
- Takes the perspective of an attacker
- Leverages existing processes from within the organization
- Collaborative process that can quickly scale up or down
Stage One: Define the Objectives
Stage Two: Define the Technical Scope
PASTA is meant to be a collaborative effort and encourages working together with the engineering team, the cloud team, developers, and architects to ask "What are you working with? What are you supporting in this environment?" and then "What will be helpful to align? What is the technology landscape?" This conversation sets you up to move successfully on to stage three, application decomposition.
Stage Three: Decompose the Application
Stage three of PASTA is application decomposition. In stage two, we built context around what we are running. Stage three goes further by creating context around how everything communicates, how it all comes together. The key output of this stage is to understand whether you have implicit trust models and where they are. It may be an IoT device talking to the cloud, or an embedded device talking to an automobile component. You may have an implicit trust model that could be a good conduit for exploitation.
Stage Four: Analyze the Threats
Stage four is analyzing the threats. The main output for stage four is to understand what the application does and what sort of threats are affecting your defined attack surface.
Dos and Don'ts of Threat Intelligence Consumption & Analysis
Dos:
- Make your own threat intel utilizing internal/external researchers or internal logs
- Know where your threat sources come from, that they are relevant, and that they are cross-validated
Don'ts:
- Use one source of threat intel data
- Use your competitors' threat intelligence as a basis for industry-related threats
- Let the threat analysis reveal assets you didn't consider in stages 2 and 3 (this means you did those steps wrong)
Stage Five: Vulnerability Analysis
Stage five correlates the application's vulnerabilities to the application's assets. How are you going to sew together tools and best practices, in terms of vulnerability management, vulnerability assessment, static analysis, dynamic analysis, etc.? And in all the noise that you're seeing in the vulnerability analysis, which ones are material to the threats in your threat library? The key differentiator with PASTA is focusing on risks that will have the most impact on the business, all based upon stage one.
Stage Six: Attack Analysis
The key objective for stage six of PASTA is to prove that the things we found vulnerable in stage five are actually viable. To blueprint a good model for attacks, you want to use attack trees. Using attack trees allows you to map known vulnerabilities to a node on the attack tree to determine its likelihood.
Stage Seven: Risk and Impact Analysis
At the end of the day, PASTA threat modeling is about reducing risk. The end goal for stage seven is to build countermeasures that mitigate the threats that are important. To finalize the threat modeling exercise, we want to utilize and tie back in the information we found in stages one through six.
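A small worked example of stages six and seven, added here and not taken from the VerSprite article: an attack tree whose leaf likelihoods come from stage-five findings is evaluated through AND/OR gates, and the resulting viability is weighted by the stage-one business impact. The IoT-to-cloud scenario, node names, likelihoods and impact value are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List
# Constructed example: a stage-six attack tree for an IoT device talking to a
# cloud API (the implicit-trust case from stage three). Node names, likelihoods
# and the impact value are illustrative assumptions, not figures from the article.

@dataclass
class AttackNode:
    name: str
    gate: str = "LEAF"                      # "AND", "OR" or "LEAF"
    children: List["AttackNode"] = field(default_factory=list)
    # Leaves only: likelihood the step succeeds, based on stage-five findings.
    # A step with no confirmed vulnerability behind it stays at 0.0.
    likelihood: float = 0.0

def viability(node: AttackNode) -> float:
    """Stage six: propagate leaf likelihoods up the tree to answer whether
    the stage-five findings form a viable attack path to the root goal."""
    if node.gate == "LEAF":
        return node.likelihood
    probs = [viability(child) for child in node.children]
    if node.gate == "AND":                  # every child step must succeed
        result = 1.0
        for p in probs:
            result *= p
        return result
    if node.gate == "OR":                   # any single child step suffices
        none_succeed = 1.0
        for p in probs:
            none_succeed *= 1.0 - p
        return 1.0 - none_succeed
    raise ValueError(f"unknown gate {node.gate!r}")

def risk_score(root: AttackNode, business_impact: float) -> float:
    """Stage seven: weight the path's viability by the stage-one business
    impact (assumed 1-10 scale) so countermeasures target what matters."""
    return round(viability(root) * business_impact, 3)

# Root goal: forge telemetry that the cloud side trusts implicitly.
TREE = AttackNode("Forge device telemetry accepted by cloud", "OR", [
    AttackNode("Obtain the device's API credential", "AND", [
        AttackNode("Read firmware image from the device", likelihood=0.6),
        AttackNode("Credential stored in cleartext in firmware", likelihood=0.9),
    ]),
    AttackNode("Replay previously captured telemetry", "AND", [
        AttackNode("Observe device-to-cloud traffic", likelihood=0.3),
        AttackNode("API accepts replayed messages", likelihood=0.0),  # no finding
    ]),
])
```

With the constructed values the replay branch contributes nothing (no stage-five finding behind it), so the tree's viability is driven entirely by the credential branch, which is where a stage-seven countermeasure should go.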
Link: https://versprite.com/blog/what-is-pasta-threat-modeling/