Threat Modeling with Threagile (lab2)

[Boogyy]

Goal

Complete Lab 2 : model OWASP Juice Shop deployment using Threagile, generate baseline and secure variant risk reports, and document comparative risk analysis.

Changes

• Added Threagile baseline model analysis

• Generated baseline and secure threat model outputs:
  risks.json, report.pdf, stats.json, technical-assets.json
  Data-flow & data-asset diagrams

• Implemented HTTPS + encryption secure variant

• Added risk comparison (Baseline vs Secure) using jq delta analysis

• Added labs/submission2.md with structured findings and screenshots

Testing

• Verified Threagile baseline model generation via Docker
• Executed jq risk comparison command successfully
• Confirmed both baseline and secure directories contain complete outputs

Artifacts

• labs/submission2.md
• labs/lab2/baseline/
• labs/lab2/secure/
• labs/lab2/threagile-model.secure.yaml

---

Checklist

• [*] Task 1 done — Threagile baseline model + risk analysis
• [*] Task 2 done — HTTPS variant + risk comparison