
feat(lab2): Threagile threat model + secure variant + auth flow #941

Open
wannebetheshy wants to merge 3 commits into inno-devops-labs:main from wannebetheshy:feature/lab2

Conversation


@wannebetheshy wannebetheshy commented Jun 10, 2026


Goal

Generate a STRIDE-based threat model of OWASP Juice Shop using Threagile, produce a secure variant to observe risk reduction, and build a focused feature-level authentication threat model.

Changes

  • Added full analysis report in submissions/lab2.md
  • Created secure architecture variant labs/lab2/threagile-model-secure.yaml
  • Created focused auth-flow model labs/lab2/threagile-model-auth.yaml

Testing

# Generating the baseline threat model
docker run --rm -v "$(pwd)/labs/lab2":/app/work threagile/threagile:0.9.1 -model /app/work/threagile-model.yaml -output /app/work/output

# Verifying the risk counts
jq '[.[] | .severity] | group_by(.) | map({severity: .[0], count: length})' labs/lab2/output/risks.json

Observed output:

[
  {
    "severity": "elevated",
    "count": 4
  },
  {
    "severity": "low",
    "count": 5
  },
  {
    "severity": "medium",
    "count": 14
  }
]

Artifacts & Screenshots

  • The final PR contains the two new YAML models and the complete markdown submission with STRIDE mappings and diff tables.

Checklist

  • Task 1 — Baseline risk table + top-5 with STRIDE mapping
  • Task 2 — Secure variant + risk diff table
  • Bonus — Auth-flow model + 3 auth-specific risks
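The Testing section above counts risks per severity with a jq pipeline and the Checklist asks for a risk diff table between the baseline and the secure variant. The script below, added here as an illustration and not part of this PR or of the Threagile project, does the same two things in Python: it reproduces the jq severity count, ranks the top-N risks, and renders a before/after diff table in markdown. The two risk lists are constructed sample data, not output of the lab; only the "severity" field is confirmed by the PR's jq query, while "category" and "title" are assumed field names, and the severity ranking is an assumption about Threagile's ordering.

```python
"""Summarise and diff Threagile risks.json reports (constructed sample data)."""
import json
from collections import Counter

# Severity ranking for the top-N listing, highest first. Assumed to match
# Threagile's own ordering (critical > high > elevated > medium > low).
SEVERITY_ORDER = ["critical", "high", "elevated", "medium", "low"]

# Constructed sample reports standing in for labs/lab2/output/risks.json of the
# baseline and of the secure variant. Only "severity" is known from the PR's jq
# query; "category" and "title" are assumed field names used for labelling.
BASELINE_RISKS = [
    {"category": "missing-authentication", "severity": "elevated", "title": "Missing authentication on API"},
    {"category": "cross-site-scripting", "severity": "elevated", "title": "XSS in web frontend"},
    {"category": "sql-nosql-injection", "severity": "medium", "title": "Injection via product search"},
    {"category": "missing-hardening", "severity": "medium", "title": "Unhardened database host"},
    {"category": "unencrypted-communication", "severity": "medium", "title": "Plain HTTP to backend"},
    {"category": "missing-identity-store", "severity": "low", "title": "No dedicated identity store"},
]
SECURE_RISKS = [
    {"category": "cross-site-scripting", "severity": "medium", "title": "XSS in web frontend"},
    {"category": "missing-hardening", "severity": "medium", "title": "Unhardened database host"},
    {"category": "missing-identity-store", "severity": "low", "title": "No dedicated identity store"},
    {"category": "unencrypted-communication", "severity": "low", "title": "Plain HTTP to backend"},
]


def load_risks(path):
    """Read a risks.json file produced by a Threagile run."""
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def severity_counts(risks):
    """Same result as the PR's jq pipeline: risks per severity, sorted by name."""
    counts = Counter(r["severity"] for r in risks)
    return [{"severity": s, "count": n} for s, n in sorted(counts.items())]


def top_risks(risks, n=5):
    """Titles of the n most severe risks, most severe first (stable within a level)."""
    ranked = sorted(risks, key=lambda r: SEVERITY_ORDER.index(r["severity"]))
    return [r["title"] for r in ranked[:n]]


def risk_diff(baseline, secure):
    """Per-severity rows (before, after, delta), highest severity first.

    A level that appears in neither report is dropped; a level that vanished
    in the secure variant is kept with after=0 so the reduction stays visible.
    """
    before = Counter(r["severity"] for r in baseline)
    after = Counter(r["severity"] for r in secure)
    rows = []
    for sev in SEVERITY_ORDER:
        b, a = before.get(sev, 0), after.get(sev, 0)
        if b or a:
            rows.append({"severity": sev, "before": b, "after": a, "delta": a - b})
    return rows


def diff_table_markdown(rows):
    """Render diff rows as the markdown table the lab submission asks for."""
    lines = ["| Severity | Baseline | Secure | Delta |", "|---|---|---|---|"]
    for r in rows:
        lines.append(f"| {r['severity']} | {r['before']} | {r['after']} | {r['delta']:+d} |")
    return "\n".join(lines)


if __name__ == "__main__":
    # Swap the constructed lists for load_risks("labs/lab2/output/risks.json")
    # and the secure variant's output directory to run this on real reports.
    print(json.dumps(severity_counts(BASELINE_RISKS), indent=2))
    print("\n".join(top_risks(BASELINE_RISKS)))
    print(diff_table_markdown(risk_diff(BASELINE_RISKS, SECURE_RISKS)))
```

The diff keeps a severity level whose count drops to zero in the secure variant, because a row reading "elevated: 2 → 0" is exactly the risk reduction the secure variant is meant to demonstrate; silently dropping it would make the table look like nothing changed at that level.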
