Skip to content

Feature/lab2#380

Open
ostxxp wants to merge 3 commits intoinno-devops-labs:mainfrom
ostxxp:feature/lab2
Open

Feature/lab2#380
ostxxp wants to merge 3 commits intoinno-devops-labs:mainfrom
ostxxp:feature/lab2

Conversation

@ostxxp
Copy link

@ostxxp ostxxp commented Feb 16, 2026

Goal

The purpose of this PR is to perform automated threat modeling of the OWASP Juice Shop application using Threagile and analyze the security risks in both baseline and secure deployment variants.

This lab demonstrates how infrastructure and communication security controls, such as HTTPS and storage encryption, affect the overall threat landscape and reduce security risks.

Changes

  • Generated baseline threat model using Threagile from threagile-model.yaml
  • Produced baseline artifacts:
    • report.pdf
    • risks.json
    • stats.json
    • technical assets and diagrams
  • Identified and documented Top 5 security risks in labs/submission2.md
  • Created secure threat model variant threagile-model.secure.yaml
  • Applied security improvements:
    • Enabled HTTPS for communication links
    • Enabled encryption for Persistent Storage
  • Generated secure threat model artifacts
  • Compared baseline and secure risk profiles using automated risk comparison
  • Documented risk reduction analysis in labs/submission2.md

Testing

The threat model was tested by running Threagile in Docker to generate threat analysis outputs.

Baseline model generation:

docker run --rm -v "$(pwd)":/app/work threagile/threagile \
  -model /app/work/labs/lab2/threagile-model.yaml \
  -output /app/work/labs/lab2/baseline

Secure model generation:

docker run --rm -v "$(pwd)":/app/work threagile/threagile \
  -model /app/work/labs/lab2/threagile-model.secure.yaml \
  -output /app/work/labs/lab2/secure

Risk comparison performed using jq analysis script.
All required artifacts were successfully generated and verified.

Risk comparison was performed using jq analysis script to compare baseline and secure threat models.

The results showed that enabling HTTPS and storage encryption reduced the number of security risks related to unencrypted communication and unencrypted assets.

All required threat model artifacts were successfully generated and verified.

Artifacts & Screenshots

Generated artifacts:

Baseline model:

  • labs/lab2/baseline/report.pdf
  • labs/lab2/baseline/risks.json
  • labs/lab2/baseline/stats.json
  • labs/lab2/baseline/data-flow-diagram.png
  • labs/lab2/baseline/data-asset-diagram.png

Secure model:

  • labs/lab2/secure/report.pdf
  • labs/lab2/secure/risks.json
  • labs/lab2/secure/stats.json
  • labs/lab2/secure/data-flow-diagram.png
  • labs/lab2/secure/data-asset-diagram.png

Documentation:

  • labs/submission2.md

Checklist

  • Clear and descriptive title
  • Documentation updated if needed
  • No secrets or temporary files included

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ostxxp