feat(lab2): report + auth model + secure model#957

Open
sofifaro wants to merge 14 commits into
inno-devops-labs:mainfrom
sofifaro:feature/lab2
Conversation

@sofifaro sofifaro commented Jun 10, 2026

Goal

Lab 2: Perform threat modeling on OWASP Juice Shop using Threagile, produce baseline and secure variant risk reports, and optionally model the authentication flow.

Changes

  • labs/lab2/threagile-model.yaml — baseline threat model
  • labs/lab2/threagile-model-secure.yaml — hardened variant with HTTPS, authentication, and encryption
  • labs/lab2/threagile-model-auth.yaml — bonus authentication‑focused model
  • submissions/lab2.md — final report with risk tables, STRIDE mapping, and reflections

Testing

Run baseline model

docker run --rm \
  -v "$(pwd)/labs/lab2":/app/work \
  threagile/threagile:0.9.1 \
  -model /app/work/threagile-model.yaml \
  -output /app/work/output \
  -generate-risks-excel=false \
  -generate-tags-excel=false

Run secure variant

docker run --rm \
  -v "$(pwd)/labs/lab2":/app/work \
  threagile/threagile:0.9.1 \
  -model /app/work/threagile-model-secure.yaml \
  -output /app/work/output-secure \
  -generate-risks-excel=false \
  -generate-tags-excel=false

Run auth model (bonus)

docker run --rm \
  -v "$(pwd)/labs/lab2":/app/work \
  threagile/threagile:0.9.1 \
  -model /app/work/threagile-model-auth.yaml \
  -output /app/work/output-auth \
  -generate-risks-excel=false \
  -generate-tags-excel=false

Observed output:

Baseline: 23 risks (Elevated:4, Medium:14, Low:5)
Secure:   20 risks (Elevated:2, Medium:13, Low:5)
Auth:     27 risks (High:1, Elevated:5, Medium:18, Low:3)
All runs produced report.pdf, data-flow diagrams, risks.json, and stats.json.

Artifacts & Screenshots

Checklist

  • Task 1 done — Baseline threat model run, top‑5 risks listed, STRIDE mapping, trust boundary observation
  • Task 2 done — Secure variant created, risk diff table, honesty check
  • Bonus done — Auth‑focused model with 3 auth‑specific risks and reflection
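The PR summarises each run as a severity count and promises a risk diff table plus an honesty check between the baseline and secure runs. The script below is an added example (not part of this submission or of Threagile itself) that produces those three things from two risks.json documents: it counts risks per severity in the same "Elevated:4, Medium:14, Low:5" shape used above, diffs the two runs by risk id, and groups every risk that disappeared by category so a reviewer can confirm each disappearance is explained by a model change (HTTPS, authentication, encryption) rather than by a deleted asset or link. It assumes Threagile's risks.json is a JSON list of objects carrying at least `synthetic_id`, `category` and `severity` (lowercase names); the sample data is constructed and much smaller than the real 23-risk run.

```python
"""Severity summary, risk diff and honesty check over two Threagile risks.json runs.

Added example, not part of the lab submission. Field names ("synthetic_id",
"category", "severity") and the lowercase severity vocabulary are assumptions
about Threagile's risks.json; verify them against your own output first.
"""
import json
from collections import Counter

SEVERITY_ORDER = ["critical", "high", "elevated", "medium", "low"]

# Constructed sample data shaped like a baseline run and a secure-variant run.
BASELINE_JSON = json.dumps([
    {"synthetic_id": "unencrypted-communication@web-browser>juice-shop-app",
     "category": "unencrypted-communication", "severity": "elevated"},
    {"synthetic_id": "missing-authentication@juice-shop-app",
     "category": "missing-authentication", "severity": "elevated"},
    {"synthetic_id": "sql-nosql-injection@juice-shop-app@juice-shop-db",
     "category": "sql-nosql-injection", "severity": "medium"},
    {"synthetic_id": "missing-hardening@juice-shop-app",
     "category": "missing-hardening", "severity": "low"},
])
SECURE_JSON = json.dumps([
    {"synthetic_id": "missing-authentication@juice-shop-app",
     "category": "missing-authentication", "severity": "medium"},
    {"synthetic_id": "sql-nosql-injection@juice-shop-app@juice-shop-db",
     "category": "sql-nosql-injection", "severity": "medium"},
    {"synthetic_id": "missing-hardening@juice-shop-app",
     "category": "missing-hardening", "severity": "low"},
    {"synthetic_id": "missing-identity-store@auth-service",
     "category": "missing-identity-store", "severity": "medium"},
])


def load_risks(text):
    """Parse risks.json contents and reject entries missing the fields we rely on."""
    risks = json.loads(text)
    for risk in risks:
        for key in ("synthetic_id", "category", "severity"):
            if key not in risk:
                raise ValueError(f"risk entry missing {key!r}: {risk}")
    return risks


def severity_counts(risks):
    """Number of risks per severity, e.g. Counter({'elevated': 2, 'medium': 1})."""
    return Counter(risk["severity"] for risk in risks)


def summary_line(label, risks):
    """Render one run in the 'Baseline: 23 risks (Elevated:4, ...)' shape."""
    counts = severity_counts(risks)
    parts = [f"{sev.capitalize()}:{counts[sev]}" for sev in SEVERITY_ORDER if counts[sev]]
    return f"{label}: {len(risks)} risks ({', '.join(parts)})"


def diff_risks(baseline, secure):
    """Diff two runs by synthetic_id: removed, added, severity-changed, unchanged."""
    before = {r["synthetic_id"]: r for r in baseline}
    after = {r["synthetic_id"]: r for r in secure}
    common = before.keys() & after.keys()
    changed = {sid: (before[sid]["severity"], after[sid]["severity"])
               for sid in common if before[sid]["severity"] != after[sid]["severity"]}
    return {
        "removed": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
        "changed": changed,
        "unchanged": sorted(sid for sid in common if sid not in changed),
    }


def removed_by_category(baseline, diff):
    """Honesty check input: which categories vanished, so each can be matched to
    a deliberate mitigation in the secure model rather than a deleted element."""
    by_id = {r["synthetic_id"]: r["category"] for r in baseline}
    grouped = {}
    for sid in diff["removed"]:
        grouped.setdefault(by_id[sid], []).append(sid)
    return grouped


def diff_table(baseline, secure):
    """Markdown rows for the report's risk diff table."""
    diff = diff_risks(baseline, secure)
    rows = ["| risk | baseline | secure |", "|---|---|---|"]
    sev_before = {r["synthetic_id"]: r["severity"] for r in baseline}
    sev_after = {r["synthetic_id"]: r["severity"] for r in secure}
    for sid in sorted(sev_before.keys() | sev_after.keys()):
        rows.append(f"| {sid} | {sev_before.get(sid, '-')} | {sev_after.get(sid, '-')} |")
    rows.append(f"| removed: {len(diff['removed'])}, added: {len(diff['added'])}, "
                f"severity changed: {len(diff['changed'])} | | |")
    return rows


if __name__ == "__main__":
    base, sec = load_risks(BASELINE_JSON), load_risks(SECURE_JSON)
    print(summary_line("Baseline", base))
    print(summary_line("Secure", sec))
    print("\n".join(diff_table(base, sec)))
    print("removed by category:", removed_by_category(base, diff_risks(base, sec)))
```

To use it on the real runs, read `labs/lab2/output/risks.json` and `labs/lab2/output-secure/risks.json` and pass their contents to `load_risks`. A category that disappears without a matching change in the secure YAML (for example a risk that vanished only because its communication link was removed) is exactly what the honesty check should call out.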

sofifaro added 14 commits June 10, 2026 15:27
Added a comprehensive triage report for the OWASP Juice Shop deployment, including security observations and a PR template to enhance collaboration.
Add a pull request template for Lab 1 submission.
This workflow runs a smoke test for the Juice Shop application on pull requests to the main branch, ensuring it starts and responds correctly.
Updated the pull request template to include testing commands, observed output sections, and a checklist for tasks completed.
Added a comprehensive triage report for the OWASP Juice Shop deployment and created a pull request template to improve collaboration workflow.