Wolf, AndreasSimopoulos, DimitriosD'Avino, LucaSchwaiger, PatrickReussner, Ralf H.Koziolek, AnneHeinrich, Robert2021-01-272021-01-272021978-3-88579-701-2https://dl.gi.de/handle/20.500.12116/34700Recently, IoT usage has grown rapidly. Security risks are rising analogously, though. Our paper introduces an approach to identify and address security threats by applying the PASTA (Process for Attack Simulation and Threat Analysis) threat model to the IoT domain. By adapting PASTA, we optimize the threat analysis based on domain knowledge and specific needs of IoT. With integration of the PASTA results into the development process and the IoT software development life cycle, we reduce security risks. A prototype demonstrates the feasibility of the concept for security vulnerability reduction via an integrated DevSecOps toolchain.enInternet of ThingsThreat ModelDevSecOpsCyber-SecuritySecurity Testing10.18420/inf2020_1111617-5468