This training will walk through the 7 stages of the Process for Attack Simulation and Threat Analysis (PASTA), a risk-centric approach to threat modeling that can be paralleled to SDL activities for developers, architects, system engineers, and (of course) security professionals. Students will begin by learning about threat modeling fundamentals that are agnostic to any methodology. Activities such as application deconstruction, data flow diagramming, enumeration exercises, and use/abuse case mapping will all be exemplified in the training. The key benefit will be in applying a risk-centric approach to threat modeling via the PASTA approach, which looks to identify the most likely attack vectors based upon harvesting threat intelligence sources and evaluating other factors such as deployment models, inherent industry threat agents/motives, and overall application architecture. An outline of the training to be provided is included below:
I. Threat Modeling Intro & Primer
A. Objectives & Approaches
B. Threat Modeling Taxonomy & Syntax
C. Tools & Techniques
D. PASTA Methodology Overview
II. P1 – Define Business Objectives of Application Threat Model (Goal: Define Impact)
A. Enumerate business objectives serving as application drivers
B. Identify application data types (privacy implications)
C. Identify regulatory impact/landscape for application environment
D. Identify SLAs associated with product app
III. P2 – Define Technology Scope (Component Enum)
A. Enum Application Frameworks leveraged by Framework
B. Enum platform components (system OS, etc.)
C. Enum actors running component processes
D. Enum network services supporting various layers of application architecture
E. Enum third-party product (COTS) supporting application solution
F. Enum data components across application layers
G. Enum existing countermeasures (processes, technological controls, etc.)
IV. P3 – Application Decomposition (Call Tracing – Understanding calls amongst app components)
A. Identify Use Cases using Components
B. Map Call Flows amongst App Components
C. Identify Trust Boundaries in the Application
D. Perform CRUD exercises on back data storage sources (DBs, disk, client data storage)
E. System level permissioning review
F. Open and Integrated Auth Model Considerations
G. Cloud API considerations
V. P4 – Threat Analysis
A. Harvesting relevant threat intel sources (external sources)
B. Harvesting threat data (internal sources)
C. Probabilistic threat analysis
D. Deployment models and architectural review of apps
E. Identifying Threat Agents and Motives for targeted app
VI. P5 – Vuln Analysis
A. Leveraging vulnerability assessments
B. Using a strong Weakness/Vulnerability Library (CVE/CWE)
C. Identifying & Correlating flaws in application model
D. Identifying & Correlating system/DB/framework related vulnerabilities
VII. P6 – Attack Modeling
A. Leveraging a valid attack library (CAPEC)
B. Understanding Kill Chains and Attack Trees
C. Assigning probabilities to attack branches (probabilistic analysis of attacks)
D. Exploit DB & Common Attack Patterns
VIII. P7 – Residual Risk Analysis & Countermeasure Development
A. Inherent countermeasures
B. Inherent countermeasure effectiveness
C. Residual Risk Analysis
D. Impact Analysis from Threats
E. Prioritizing Countermeasures
IX. Threat Modeling Vignettes
A. Threat Modeling Exercises in groups
X. Maturity Modeling & SDLC Integration
A. OpenSAMM Use
B. SDLC Metrics
C. RACI for PASTA