Stage IV of PASTA is one where threat intel and threat data have a strong relevance to building a highly contextualized threat model for applications. No other threat modelling methodology factors in threat intel or threat data to substantiate attack patterns that support threat objectives by a threat actor. In this talk, we’ll explore the process on how threat data (e.g. – firewall alerts, waf alerts, edr alerts, etc.) and threat intelligence (e.g. – threat advisories on embedded libraries, active threat campaigns, exploits in the wild reports, etc.) and organizational incidents can shape and substantiate the build out of a robust threat library in threat modelling. The heart of a threat model is the credibility of the threat library and how it’s constructed. Once a robust threat library can be built, a tactical blueprint for exploit testing or penetration testing can be carried out with impressive results.

Find out more about CREST:
www.crest-approved.org/

Follow CREST on social media:
twitter.com/crestadvocate
www.linkedin.com/company/crest-approved