Reading Time: 4 minutes

In the new cyber age, the need for cybersecurity is becoming increasingly apparent. The increasing complexity of attacks and the number of cybercriminals has led to more security breaches in the last couple of years. The organizations whose data centers or applications were compromised suffered staggering losses. Businesses need to become aware of security threats and how to deal with them. Threat Intelligence equips organizations with predictive capabilities to identify threats and vulnerabilities so the security team can take counter measures to mitigate threats.



Process for Attack Simulation and Threat Analysis (PASTA) is a methodology to perform application threat modeling. This technique focuses on applying security countermeasures to potentially mitigate defined threat models, weaknesses, vulnerabilities, and attack vectors. PASTA allows organizations to understand an attacker’s perspective on applications and infrastructure, thus developing threat management processes and policies.

PASTA threat modeling methodology was conceptualized by Tony UcedaVélez and Marco M. Morana in 2015. Their book Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis introduces various application threat modeling types. The authors were co-founders of this PASTA threat modeling and conceptualized risk-centric methodology aimed at applying security countermeasures.


Source – https://versprite.com/security-offerings/appsec/application-threat-modeling/

Define Objectives

In the first step of PASTA, the objectives of the threat modeling process are listed down. Clear objectives make the entire process more streamlined, with a focus on only the relevant assets. Objectives are also necessary for determining security and compliance requirements relevant to the process due to business or government regulations. The tools and methods to be used for the test are also defined in this step.

Define Technical Scope

The boundaries of the application need to be defined, along with the application dependencies from the network environment. The dependencies on the server infrastructure also need to be discovered and their relevance to the software. To accomplish this, high-level design documents are used in this stage which include network diagrams and logical & physical architecture diagrams. The software and technical specifications are also used as a source of information at this stage.

Decomposition & Analysis of Application

A definition and evaluation of assets needs to be carried out, wherein data in transit and at rest are taken into consideration. A trust boundary, a boundary in which a system trusts all subsystems inclusive of data, should also be created for each computing asset. Services, hardware, and software relevant to the application should be decomposed. Data entry points and trust levels are to be determined, resulting in the mapping of use cases with assets and actors.

Threat Analysis

This step is intended to identify and extract threat information from sources of intelligence. Threat analysis enumerates threat attack scenarios that are exploited by web-focused attack agents. An analysis of incidents and security events coupled with fraud case management reports is useful information at this stage. The enumeration process results in the identification of threat agents and attacks the application is susceptible to. Threat analysis, therefore, results in attack enumeration.

Vulnerabilities & Weaknesses Analysis

This stage aims to analyze the weaknesses and vulnerabilities of web application security controls. This stage correlates vulnerabilities to the application’s assets. It maps threats to security flaws in the application and enumerates and scores vulnerabilities as per established scoring. Some of the useful data sources in this stage include a library of threat trees and vulnerability assessment reports.

Attack/Exploit Enumeration and Modeling

There is the identification of the application’s attack surface. The attack trees for the identified exploits are enumerated and determined. A map of attack vectors to attack trees’ nodes is drawn, and the identification of exploits and attack paths is carried out with the attack trees’ aid.

Analyze Modeling & Simulation

After an attack vector has been modeled, the security analysts determine the plausibility of running a successful attack. An analysis of the application’s use and abuse cases is carried out to further shine a light on the identified exploit. Use cases are mapped to abuse cases. Threat modeling is used to link an attack vector and scenario in which it would be exploited.

Risk & Impact Analysis

Once the threat model has been successfully created and analyzed, an analysis of the affected areas should be carried out, should a successful attack occur. Affected assets, systems, and networks are analyzed to determine the extent of disruption. Gaps in security controls are identified in this step. Based on identified attack vectors, mitigations are developed, and residual risk determined.

How to Acquire Skills to Carry Out PASTA
Threat Modeling?

EC-Council’s Certified Threat Intelligence Analyst (CTIA) Program teach you to create a Threat Intelligence project that includes Cyber Threat Analysis and Threat Modeling as well. The program gives you sound knowledge on different threat modeling methodologies and how to carry out the process.

To learn more please visit the CTIA program page.


Shostack, Adam (2014). “Threat Modeling: Designing for Security”. John Wiley & Sons Inc: Indianapolis.

Amoroso, Edward G (1994). “Fundamentals of Computer Security Technology”. AT&T Bell Labs. Prentice-Hall: Upper Saddle River.

get certified from ec-council
Write for Us