finalize all lab #5

Merged: MikeNovikoff merged 2 commits into main from feature/lab2 on Jun 12, 2026

@MikeNovikoff (Owner)

Goal

Complete Lab 2 by generating a baseline threat model for OWASP Juice Shop using Threagile, hardening the architecture, and analyzing the risk diff.


Changes

  • Analyzed baseline risk report using Threagile.
  • Created threagile-model-secure.yaml with infrastructure-level hardening (enforced HTTPS, encrypted DB volume, declared prepared statements, removed plain logs).
  • Added submissions/lab2.md with STRIDE mapping, trust boundary analysis, and risk diff tables.

Testing

  • Ran threagile/threagile:0.9.1 Docker container against both baseline and secure models.
  • Parsed risks.json to verify risk counts dropped as expected (Total risks dropped from 30 to 27 after infrastructure fixes).

Artifacts

  • labs/lab2/threagile-model-secure.yaml
  • submissions/lab2.md

Checklist

  • Title is clear (feat(lab2): Threat Modeling with Threagile)
  • No secrets/large temp files committed
  • submissions/lab2.md exists
  • Task 1 — Baseline risk table + top-5 with STRIDE mapping
  • Task 2 — Secure variant + risk diff table
  • Bonus — Auth-flow model + 3 auth-specific risks

@MikeNovikoff MikeNovikoff merged commit 192da77 into main Jun 12, 2026
1 check passed
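
An added example, not part of the pull request or its repository: one way to do the `risks.json` comparison described under Testing, reporting which risk ids were resolved or newly introduced rather than only the totals. The field names (`category`, `severity`, `synthetic_id`) are assumed to match the Threagile output, and the sample risks and asset names are constructed.

```python
import json
from collections import Counter

# Constructed sample input, not data from the pull request. Assumed shape: a JSON
# array of risk objects with "category", "severity" and "synthetic_id" fields.
BASELINE = json.loads("""[
  {"category": "unencrypted-communication", "severity": "elevated",
   "synthetic_id": "unencrypted-communication@browser>app"},
  {"category": "unencrypted-asset", "severity": "medium",
   "synthetic_id": "unencrypted-asset@db-volume"},
  {"category": "cross-site-scripting", "severity": "elevated",
   "synthetic_id": "cross-site-scripting@app"},
  {"category": "missing-authentication", "severity": "elevated",
   "synthetic_id": "missing-authentication@proxy>app"}
]""")
SECURE = json.loads("""[
  {"category": "cross-site-scripting", "severity": "elevated",
   "synthetic_id": "cross-site-scripting@app"},
  {"category": "missing-authentication", "severity": "elevated",
   "synthetic_id": "missing-authentication@proxy>app"}
]""")


def count_by(risks, field):
    """Count risks per value of `field`; entries missing it go under 'unknown'."""
    return Counter(r.get(field, "unknown") for r in risks)


def changed_counts(baseline, secure, field="category"):
    """Return {value: (baseline_count, secure_count)} for values whose count changed."""
    b, s = count_by(baseline, field), count_by(secure, field)
    return {k: (b[k], s[k]) for k in sorted(set(b) | set(s)) if b[k] != s[k]}


def id_diff(baseline, secure):
    """Return (resolved, introduced) risk ids. A falling total can hide new risks,
    so the introduced list is checked separately from the totals."""
    b = {r["synthetic_id"] for r in baseline}
    s = {r["synthetic_id"] for r in secure}
    return sorted(b - s), sorted(s - b)


if __name__ == "__main__":
    print("total:", len(BASELINE), "->", len(SECURE))
    for value, (before, after) in changed_counts(BASELINE, SECURE).items():
        print(f"{value}: {before} -> {after}")
    resolved, introduced = id_diff(BASELINE, SECURE)
    print("resolved:", resolved)
    print("introduced:", introduced)
```

With real reports, replace the two constants with `json.load()` on each model's `risks.json`.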