What is PASTA Stage 1?

Stage 1 of the Process for Attack Simulation and Threat Analysis (PASTA) focuses on defining business objectives and identifying critical assets to ensure security efforts protect the most valuable parts of the organization.

Can this skill be used for existing applications?

Yes, it is highly effective at reverse-engineering the business context and risk profile of legacy or existing codebases by analyzing their actual implementation.

What files does this skill analyze?

It prioritizes README files, package manifests (like package.json or pom.xml), environment variables, database migrations, and API specifications to infer context.

Do I need to be a security expert to use this skill?

No, the skill is designed to guide users through the discovery process, though a basic understanding of your application's business purpose is helpful.

How does this skill identify compliance requirements?

The skill scans the codebase for specific patterns, such as payment processing libraries for PCI-DSS, health data schemas for HIPAA, or EU-specific data handling for GDPR.

PASTA Business Objectives Analysis

Name: PASTA Business Objectives Analysis
Author: florianbuetow

byflorianbuetow

•

安全与测试

Defines business objectives and critical assets to anchor threat modeling in organizational impact.

This skill implements Stage 1 of the PASTA (Process for Attack Simulation and Threat Analysis) framework, helping security professionals and developers align their technical threat modeling with actual business value. It automatically scans project metadata, configurations, and source code to identify core functions, data sensitivity, and compliance requirements like GDPR, HIPAA, or PCI-DSS. By establishing a clear risk appetite and identifying business-critical assets early, it ensures that subsequent security analysis focuses on the areas of highest organizational impact and regulatory risk.

主要功能

01Generates standardized PASTA Stage 1 Business Context Documents to feed downstream analysis.

02Risk appetite definition based on codebase analysis and project metadata.

03Automated identification of business-critical assets and data sensitivity levels.

04Compliance scanning for regulatory requirements including PCI-DSS, GDPR, and HIPAA.

05Inference of application purpose from API contracts, schemas, and documentation.

066 GitHub stars

使用场景

01Conducting a business impact analysis (BIA) to determine acceptable downtime and data loss thresholds.

02Initiating a formal PASTA threat modeling process for a new or existing application.

03Identifying regulatory compliance requirements early in the software development lifecycle.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code pasta-objectives

For use in Claude.ai and ChatGPT

Download Skill