handbook/templates/PASTA.md

20 lines
3.6 KiB
Markdown
Raw Normal View History

2024-08-30 12:45:22 +00:00
---
| | |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Stages** | **Sneaker company** |
| I. Define business and security objectives | Make 2-3 notes of specific business requirements that will be analyzed.<br><br>- Will the app process transactions?<br> <br>- Does it do a lot of back-end processing?<br> <br>- Are there industry regulations that need to be considered? |
| II. Define the technical scope | List of technologies used by the application:<br><br>- Application programming interface (API)<br> <br>- Public key infrastructure (PKI)<br> <br>- SHA-256<br> <br>- SQL<br> <br><br> <br><br>Write 2-3 sentences (40-60 words) that describe why you choose to prioritize that technology over the others. |
| III. Decompose application | [Sample data flow diagram](https://docs.google.com/presentation/d/1ol7y79popTFfNHM-90ES-H-i1Lpd0YNvPShxBlXozjg/template/preview?resourcekey=0-DZAkf7Vzh2PXsP-j3oXV-g) |
| IV. Threat analysis | List 2 types of threats in the PASTA worksheet that are risks to the information being handled by the application.<br><br>- What are the internal threats?<br> <br>- What are the external threats? |
| V. Vulnerability analysis | List 2 vulnerabilities in the PASTA worksheet that could be exploited.<br><br>- Could there be things wrong with the codebase?<br> <br>- Could there be weaknesses in the database?<br> <br>- Could there be flaws in the network? |
| VI. Attack modeling | [Sample attack tree diagram](https://docs.google.com/presentation/d/1FmWLyHgmq9XQoVuMxOym2PHO8IuedCkan4moYnI-EJ0/template/preview?usp=sharing&resourcekey=0-zYPY7AhPJdcClXamlAfOag) |
| VII. Risk analysis and impact | List 4 security controls that youve learned about that can reduce risk. |
---