Stage 4: Threat Analysis

Stage 4: Threat Analysis

Stage 4 leverages threat intelligence to understand what threats your application faces. Rather than relying solely on generic threat lists, PASTA emphasizes using relevant, current threat intelligence to identify realistic attack scenarios. This stage transforms the technical understanding from Stage 3 into specific threats that malicious actors might actually attempt.

Gather threat intelligence from multiple sources relevant to your industry and technology stack. Industry-specific threat reports reveal common attack patterns in your sector. Vulnerability databases highlight known issues in your technologies. Security advisories from vendors warn of emerging threats. Incident reports from similar organizations show what attacks succeed. Internal security logs reveal what threats you're already facing.

Analyze threat actors likely to target your application. Different actors have different capabilities, motivations, and methods. Opportunistic criminals might use automated tools to find easy targets. Sophisticated organized crime groups could invest significant resources in targeted attacks. Nation-state actors might employ advanced persistent threats. Insider threats could abuse privileged access. Understanding your likely adversaries helps prioritize realistic threats over theoretical ones.

Create threat scenarios that combine identified vulnerabilities with threat actor capabilities and motivations. For example, a sophisticated criminal group might chain multiple vulnerabilities to access payment card data, while an insider might abuse administrative access to steal customer information. These scenarios should be specific enough to analyze but general enough to cover variations in attack methods.