What is PASTA?

PASTA (Process for Attack Simulation and Threat Analysis) is a risk-centric threat modeling methodology. Where STRIDE focuses on categorizing technical threats, PASTA aligns threat analysis with business objectives and the likelihood and impact of real-world attacks.

PASTA is structured as seven stages: define business objectives, define the technical scope, decompose the application, analyze threats, analyze vulnerabilities, model attacks, and perform risk and impact analysis. The output prioritizes threats by business risk, which makes it well suited to executive and compliance audiences.

Because PASTA is thorough, it is often seen as heavyweight to run by hand. Virantis automates PASTA alongside STRIDE so teams get risk-centric analysis without the manual overhead.