PASTA Threat Modeling (Process for Attack Simulation and Threat Analysis)
Inspium’s Risk-Based Threat Model Methodology
Inspium leverages its PASTA (Process for Attack Simulation and Threat Analysis) methodology to apply a risk-based approach to threat modeling. This methodology integrates business impact, inherent application risk, trust boundaries amongst application components, correlated threats, and attack patterns that exploit identified weaknesses from the threat modeling exercises. Prior to the PASTA threat model, most application threat models were not even considering actual threats.
As the name implies, a key goal for threat modeling is to do just that – model threats. Threat categorization mnemonics (like STRIDE) are helpful for beginners, but product managers and their superiors are eager to know which threats are topical to their business, product, and platform. Furthermore, limiting threats to a handful of categories may not include the actual threats adversarial groups are planning.
PASTA provides a risk-centric threat modeling approach that is evidence-based. Inspium’s security experts correlate real threats to your attack surface of application components and identify risk by first understanding the context of what the software or application is intended to do for the business or its clients. We also conduct exploitation tests that support threat motives within the model to validate whether they are probabilistic. Correlating viability with sustained impact allows this methodology to resonate as a highly effective risk-focused threat modeling approach.
Vulnerability Security Research, Exploit Development, and Reverse Engineering
Zero Day Vulnerability Research
Maintain awareness regarding unknown threats to your products, technologies, and enterprise networks. Clients that are willing to take the next step in proactively securing their flagship product or environment can leverage our zero-day vulnerability research offering. This subscription-based capability provides the customer immediate access to zero-day vulnerabilities affecting their products and software used throughout their organization.
B.O.S.S (Back of Store Security) Research
Essentially research for hire for client-specific goals and objectives. Inspium’s Research and Development division prides itself on being able to solve technical challenges for our clients. Inspium’s BOSS offering allows our clients to utilize these capabilities and dive into the security internals of their products.