feat: complete all lab2 tasks #3

Open
ph1larmon1a wants to merge 1 commit into main from feature/lab2

@ph1larmon1a
Owner

Goal

Generate and document a Threagile threat model for OWASP Juice Shop.
Produce the full report, diagrams, risk outputs, and summarize results in labs/submission2.md.

Changes

  • Added labs/lab2/threagile-model.yaml (baseline threat model).
  • Generated Threagile artifacts: report.pdf, diagrams, risks.json, stats.json, technical-assets.json.
  • Added labs/submission2.md with:
    • Top 5 risks table (sorted by weighted score).
    • Delta Run comparison (baseline vs secure).
    • Stats snapshot and explanations.
  • Created a secure variant of the model

Testing

  • Ran Threagile baseline model and confirmed all outputs were generated in labs/lab2/baseline.
  • Re-ran with secure variant (threagile-model.secure.yaml) and verified risk counts decreased.
  • Validated JSON parsing and risk ranking with a helper Python script.
  • Opened report.pdf to confirm diagrams render correctly.

Artifacts & Screenshots

  • labs/lab2/baseline/report.pdf (full report with diagrams).
  • labs/lab2/baseline/data-flow.png (data-flow diagram).
  • labs/lab2/baseline/risks.json (baseline risk list).
  • labs/lab2/secure/report.pdf (full report with secure diagrams).
  • labs/lab2/secure/data-flow.png (data-flow secure diagram).
  • labs/lab2/secure/risks.json (secure variant).
  • labs/submission2.md (final write-up).

Checklist

  • PR has a clear and descriptive title
  • Documentation updated if needed
  • No secrets or large temporary files committed
  • Task 1: Threagile baseline model + report + diagrams + submission2.md (Top 5)
  • Task 2: HTTPS Variant + secure run + Category delta table + delta explanation
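
Added example, not part of this PR or its helper script: one way to reproduce the Top 5 ranking and the baseline vs secure category delta from two Threagile risks.json files. The score weights, the sample risks and the effect of the HTTPS variant are assumptions constructed for illustration; the field names follow Threagile's risks.json output.

```python
import json
from collections import Counter

# Assumed ordinal weights; the PR does not state its scoring formula.
SEVERITY = {"low": 1, "medium": 2, "elevated": 3, "high": 4, "critical": 5}
LIKELIHOOD = {"unlikely": 1, "likely": 2, "very-likely": 3, "frequent": 4}
IMPACT = {"low": 1, "medium": 2, "high": 3, "very-high": 4}

def weighted_score(risk):
    """Severity dominates, then likelihood, then impact (assumed weighting)."""
    return (SEVERITY[risk["severity"]] * 100
            + LIKELIHOOD[risk["exploitation_likelihood"]] * 10
            + IMPACT[risk["exploitation_impact"]])

def top_risks(risks, n=5):
    """Return the n highest-scoring risks; ties keep file order (stable sort)."""
    return sorted(risks, key=weighted_score, reverse=True)[:n]

def category_delta(baseline, secure):
    """Map each changed category to (baseline count, secure count, delta)."""
    b = Counter(r["category"] for r in baseline)
    s = Counter(r["category"] for r in secure)
    cats = sorted(set(b) | set(s))
    return {c: (b[c], s[c], s[c] - b[c]) for c in cats if b[c] != s[c]}

# Constructed sample in the shape of risks.json (a JSON array of risk objects).
BASELINE = json.loads("""[
 {"category": "unencrypted-communication", "severity": "elevated", "exploitation_likelihood": "likely", "exploitation_impact": "high"},
 {"category": "unencrypted-communication", "severity": "elevated", "exploitation_likelihood": "likely", "exploitation_impact": "medium"},
 {"category": "missing-authentication", "severity": "elevated", "exploitation_likelihood": "likely", "exploitation_impact": "medium"},
 {"category": "cross-site-scripting", "severity": "elevated", "exploitation_likelihood": "likely", "exploitation_impact": "medium"},
 {"category": "missing-hardening", "severity": "medium", "exploitation_likelihood": "likely", "exploitation_impact": "low"}
]""")
# Constructed secure run: the HTTPS variant is assumed to clear the
# unencrypted-communication findings and leave the rest unchanged.
SECURE = [r for r in BASELINE if r["category"] != "unencrypted-communication"]

if __name__ == "__main__":
    for r in top_risks(BASELINE):
        print(weighted_score(r), r["category"])
    print(category_delta(BASELINE, SECURE))
```

With real output, load labs/lab2/baseline/risks.json and labs/lab2/secure/risks.json with json.load in place of the constructed lists.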
