PREFACE

“The Senate determined to bring eight legions into the field, which had never been done at Rome before, each legion consisting of five thousand men besides allies. …Most of their wars are decided by one consul and two legions, with their quota of allies; and they rarely employ all four at one time and on one service. But on this occasion, so great was the alarm and terror of what would happen, they resolved to bring not only four but eight legions into the field.”

Polybius, The Histories of Polybius

Battle of Cannae in 216 BC [1] when Hannibal employed defense in depth in order to encircle and destroy 10 Roman Legions all at once, resulting in the largest single slaughter of Roman troops in the history of the republic. Edward Luttwak used the term to describe his theory of the defensive strategy employed by the Late Roman army in the third and fourth centuries AD.

This book introduces the Process for Attack Simulation and Threat Analysis (PASTA) threat modeling methodology, an asset-centric, or risk-centric, approach. Its purpose is to provide a framework for risk mitigation based upon viable threat patterns against various types of threats. This book was written to usher in a new approach to threat analysis and risk mitigation. Both the methodology and the book have been inspired by more than 50 years of collective IT and Information Security experience, where lackluster risk management measures and predictable security testing have yielded bloated and ineffective responses ...
