---
| **Stages** | **Sneaker company** |
| --- | --- |
| I. Define business and security objectives | Make 2-3 notes of specific business requirements that will be analyzed.<br>- Will the app process transactions?<br>- Does it do a lot of back-end processing?<br>- Are there industry regulations that need to be considered? |
| II. Define the technical scope | List of technologies used by the application:<br>- Application programming interface (API)<br>- Public key infrastructure (PKI)<br>- SHA-256<br>- SQL<br><br>Write 2-3 sentences (40-60 words) that describe why you choose to prioritize that technology over the others. |
| III. Decompose application | [Sample data flow diagram](https://docs.google.com/presentation/d/1ol7y79popTFfNHM-90ES-H-i1Lpd0YNvPShxBlXozjg/template/preview?resourcekey=0-DZAkf7Vzh2PXsP-j3oXV-g) |
| IV. Threat analysis | List 2 types of threats in the PASTA worksheet that are risks to the information being handled by the application.<br>- What are the internal threats?<br>- What are the external threats? |
| V. Vulnerability analysis | List 2 vulnerabilities in the PASTA worksheet that could be exploited.<br>- Could there be things wrong with the codebase?<br>- Could there be weaknesses in the database?<br>- Could there be flaws in the network? |
| VI. Attack modeling | [Sample attack tree diagram](https://docs.google.com/presentation/d/1FmWLyHgmq9XQoVuMxOym2PHO8IuedCkan4moYnI-EJ0/template/preview?usp=sharing&resourcekey=0-zYPY7AhPJdcClXamlAfOag) |
| VII. Risk analysis and impact | List 4 security controls that you’ve learned about that can reduce risk. |
---