feat(lab2): Threagile threat model + secure variant + auth flow#4
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Template
Goal
Complete Lab 2 threat modeling submission with baseline STRIDE analysis, secure variant hardening, and bonus auth-focused threat model.
Changes
submissions/lab2.mdβ Complete submission with Task 1 (baseline STRIDE analysis), Task 2 (secure variant & diff), Bonus Task (auth-focused model)labs/lab2/threagile-model-secure.yamlβ Hardened threat model with HTTPS, encrypted storage, DB access controlslabs/lab2/threagile-model-auth.yamlβ Focused authentication flow model with 4+ data assets and 5+ communication linksTesting
docker run --rm -v $(pwd)/labs/lab2:/w threagile/threagile:0.9.1 -model-filename /w/threagile-model.yaml -output-folder /w/output/ -generate-report-pdf=true -generate-risks-json=true -generate-risks-diagram=true-model-filename /w/threagile-model-secure.yaml -output-folder /w/output-secure/-model-filename /w/threagile-model-auth.yaml -output-folder /w/output-auth-new/risks.jsonto confirm counts match submission (baseline: 23, secure: 21, auth: 18)Artifacts & Screenshots
(not all artefacts uploaded as per the report: strictly used submitting commands provided. So most of the files below are only available in the local repo)
submissions/lab2.md β Final submission document
labs/lab2/output/report.pdf β Baseline threat model report
labs/lab2/output/risks.json β Baseline risks (23 total; Elevated 4, Medium 14, Low 5)
labs/lab2/output-secure/report.pdf β Secure variant report
labs/lab2/output-secure/risks.json β Secure risks (21 total; 2 risks mitigated)
labs/lab2/output-auth-new/report.pdf β Auth-focused report
labs/lab2/output-auth-new/risks.json β Auth risks (18 total)
labs/lab2/output/data-flow-diagram.png β Baseline DFD
labs/lab2/output-secure/data-flow-diagram.png β Secure DFD
Title uses
feat(lab2): threat-modelingstyleNo secrets/large temp files committed
submissions/lab2.mdpresent