Acronyms, Abbreviations, and Initialisms
|Short Form||Full Form|
|PASTA||Process for Attack Simulation and Threat Analysis|
The Process for Attack Simulation and Threat Analysis (PASTA) is a risk-centric threat modeling methodology that provides a step-by-step process to inject risk analysis and context into an organization's overall security strategy from the beginning. PASTA encourages collaboration across all stakeholders, creating an environment focused on security.
PASTA has seven stages, with each stage acting as building blocks to one another. This approach allows your threat model to be a linear process and leverage existing security testing activities present within your organization, like code review, third party library analysis, static analysis, and threat monitoring for application infrastructure.
- Define the Objectives
- Define the Technical Scope
- Decompose the Application
- Analyze the Threats
- Vulnerability Analysis
- Attack Analysis
- Risk and Impact Analysis