Measuring Maturity of PASTA Threat Modeling Activities Using SAMM Threat Analysis
Tony UV
SME
OWASP / VerSprite
Abstract
Threat modeling is a process, and for teams taking a risk-centric approach with PASTA, OpenSAMM provides a great way to measure the journey of a PASTA threat modeling rollout using one of OWASP’s iconic maturity models for AppSec. PASTA has a built-in RACI and associated activities for each of its seven stages. In this talk, we’ll map these to the OWASP SAMM model to see how maturity can be measured over time against the activities for each stage of the Process for Attack Simulation & Threat Analysis.
Speaker Bio
Author, Founder, former CISO and global threat modeling expert on risk-centric iterative approaches to application threat models. I’ve leveraged both BSIMM and OpenSAMM to measure the journey of how PASTA is adopted at various MNCs.