User day

Measuring Maturity of PASTA Threat Modeling Activities Using SAMM Threat Analysis

speaker picture

Tony UV

OWASP/ VerSprite


Threat modeling is a process and leveraging a risk centric approach using PASTA, OpenSAMM provides a great way to measure how we can measure the journey of a PASTA threat modeling roll out using one of OWASP’s iconic maturity models for AppSec. PASTA has a built in RACI and associated activities per each of its seven stages and in this talk, we’ll map to the OWASP SAMM model to see how maturity can be measured over time against the activities for each stage of the Process for Attack Simulation & Threat Analysis.

Speaker bio

Author, Founder, former CISO and global threat modeling expert on risk centric iterative approaches to application threat models. I’ve leveraged both BSIMM and OpenSAMM to measure the journey of how PASTA is adopted at various MNCs.