PASTA: Process for Attack Simulation and Threat Analysis (2 days)
The increased exposure to emerging cyber-threats targeting web and mobile applications for financial gain and reputational damage represents a challenge for traditional application security measures and requires businesses to shift their focus from defensive measures to detective ones. Because of today's sophisticated cyber-threats, application assets such as sensitive data and business-critical functionality can still be compromised beyond the opportunistic exploitation of vulnerabilities.
This course provides the ability to identify the various risk factors of cyber-threats by following a structured process. After this training, information security managers and analysts will be able to derive a set of detective and preventive controls and to drive the organization/business by following security principles such as "defense in depth" and "kill chain". The adoption of risk-based threat modeling empowers information security risk managers to identify security measures that are effective in reducing the risk of cyber threats such as social engineering, malware/Trojans, DDoS and APTs.
Application security architects can benefit from taking this training course since it will allow them to conduct architectural risk analysis on existing and new applications and to identify potential critical vulnerabilities that can be introduced due to design flaws.
This training also helps software developers apply the results of threat modeling to remediate issues in source code and perform code-level unit tests. In particular, training in the PASTA process allows testers to perform risk-based tests for various types of vulnerabilities that are not usually tested, such as "business logic flaws" and "use and abuse" test cases.
For business analysts and project managers, training in the risk-based threat modeling process PASTA helps them document the security requirements for web and mobile applications. Because PASTA is a risk-based threat modeling process, it includes a methodology and activities such as architectural risk analysis, threat modeling and security tests that integrate the various phases of the secure software development cycle (S-SDLC).