I have tried fixing everything in my model and I still don’t get the flag required to finish the lab. Please, I need help!
{
"version": "2.2.0",
"summary": {
"title": "My Premium Dealership",
"owner": "Jr. Security Engineer",
"description": "\"My Premium Dealership\" is a B2C application with a micro-service architecture that allows users to request mechanic services for their vehicle.",
"id": 0
},
"detail": {
"contributors": [
{
"name": "Iman (Infra)"
},
{
"name": "Devon (Development)"
},
{
"name": "Suzy (Security)"
},
{
"name": "Greta (GRC)"
},
{
"name": "Sal (Stakeholder)"
}
],
"diagrams": [
{
"id": 0,
"title": "mypremiumdealership.com",
"diagramType": "STRIDE",
"placeholder": "New STRIDE diagram description",
"thumbnail": "./public/content/images/thumbnail.stride.jpg",
"version": "2.2.0",
"cells": [
{
"position": {
"x": 1.25,
"y": 215
},
"size": {
"width": 190,
"height": 120
},
"shape": "trust-boundary-box",
"attrs": {
"headerText": {
"text": "Public Network"
}
},
"id": "c5d1b746-8ca1-452b-b8f2-525b0e9e3d6b",
"zIndex": -1,
"data": {
"type": "tm.BoundaryBox",
"name": "Public Network",
"description": "",
"isTrustBoundary": true,
"hasOpenThreats": false
}
},
{
"position": {
"x": 264.9999999999998,
"y": 70.00000000000159
},
"size": {
"width": 450,
"height": 420
},
"shape": "trust-boundary-box",
"attrs": {
"headerText": {
"text": "Data Center (Protected)"
}
},
"id": "f08f41e1-b630-45db-b6b1-0a5458de0eef",
"zIndex": -1,
"data": {
"type": "tm.BoundaryBox",
"name": "Data Center (Protected)",
"description": "",
"isTrustBoundary": true,
"hasOpenThreats": false
}
},
{
"position": {
"x": 790,
"y": 195
},
"size": {
"width": 220,
"height": 160
},
"shape": "trust-boundary-box",
"attrs": {
"headerText": {
"text": "Data Center (Restricted)"
}
},
"id": "e7ec98c7-b0ae-4d8f-a0dc-f657b2f7bbf9",
"zIndex": -1,
"data": {
"type": "tm.BoundaryBox",
"name": "Data Center (Restricted)",
"description": "",
"isTrustBoundary": true,
"hasOpenThreats": false
}
},
{
"position": {
"x": 40,
"y": 245
},
"size": {
"width": 112.5,
"height": 60
},
"attrs": {
"text": {
"text": "User"
},
"body": {
"stroke": "red",
"strokeWidth": 2.5,
"strokeDasharray": null
}
},
"visible": true,
"shape": "actor",
"zIndex": 2,
"id": "97f211c4-cd4b-411e-8479-e60cf7ff21c6",
"data": {
"type": "tm.Actor",
"name": "User",
"description": "",
"outOfScope": false,
"reasonOutOfScope": "",
"hasOpenThreats": true,
"providesAuthentication": true,
"threats": [
{
"id": "245ee8c2-0230-4ef9-a64a-833e8d6560d9",
"title": "Account Takeover",
"status": "Open",
"severity": "Medium",
"type": "Spoofing",
"description": "MFA not yet implemented",
"mitigation": "Provide remediation for this threat or a reason if status is N/A",
"modelType": "STRIDE",
"new": false,
"number": 13,
"score": ""
}
]
}
},
{
"shape": "flow",
"attrs": {
"line": {
"stroke": "#333333",
"targetMarker": {
"name": "block"
},
"sourceMarker": {
"name": "block"
},
"strokeDasharray": null
}
},
"width": 200,
"height": 100,
"zIndex": 10,
"connector": "smooth",
"data": {
"type": "tm.Flow",
"name": "Data Flow",
"description": "",
"outOfScope": false,
"reasonOutOfScope": "",
"hasOpenThreats": false,
"isBidirectional": true,
"isEncrypted": false,
"isPublicNetwork": false,
"protocol": "",
"threats": []
},
"id": "90bc687f-2390-4339-91e8-05eacf843393",
"source": {
"cell": "c41e1644-1f36-4e34-8573-d486052ea494"
},
"target": {
"cell": "f3b93565-510d-4b23-9726-2e0e233e7e2c"
}
},
{
"shape": "flow",
"attrs": {
"line": {
"stroke": "#333333",
"targetMarker": {
"name": "block"
},
"sourceMarker": {
"name": "block"
},
"strokeDasharray": null
}
},
"width": 200,
"height": 100,
"zIndex": 10,
"connector": "smooth",
"data": {
"type": "tm.Flow",
"name": "Data Flow",
"description": "",
"outOfScope": false,
"reasonOutOfScope": "",
"hasOpenThreats": false,
"isBidirectional": true,
"isEncrypted": false,
"isPublicNetwork": false,
"protocol": "",
"threats": []
},
"id": "55fbdb33-03a6-4e22-821c-fa1053de67f6",
"source": {
"cell": "48256d04-53c3-4ad9-9815-fd8d27a022dd"
},
"target": {
"cell": "f3b93565-510d-4b23-9726-2e0e233e7e2c"
}
},
{
"shape": "flow",
"attrs": {
"line": {
"stroke": "#333333",
"targetMarker": {
"name": "block"
},
"sourceMarker": {
"name": "block"
},
"strokeDasharray": null
}
},
"width": 200,
"height": 100,
"zIndex": 10,
"connector": "smooth",
"data": {
"type": "tm.Flow",
"name": "Data Flow",
"description": "",
"outOfScope": false,
"reasonOutOfScope": "",
"hasOpenThreats": false,
"isBidirectional": true,
"isEncrypted": false,
"isPublicNetwork": false,
"protocol": "",
"threats": []
},
"id": "7e01d6ad-9afa-4187-8d8f-d88c2f9fe4d8",
"source": {
"cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
},
"target": {
"cell": "48256d04-53c3-4ad9-9815-fd8d27a022dd"
}
},
{
"shape": "flow",
"attrs": {
"line": {
"stroke": "#333333",
"targetMarker": {
"name": "block"
},
"sourceMarker": {
"name": "block"
},
"strokeDasharray": null
}
},
"width": 200,
"height": 100,
"zIndex": 10,
"connector": "smooth",
"data": {
"type": "tm.Flow",
"name": "Data Flow",
"description": "",
"outOfScope": false,
"reasonOutOfScope": "",
"hasOpenThreats": false,
"isBidirectional": true,
"isEncrypted": false,
"isPublicNetwork": false,
"protocol": "",
"threats": []
},
"id": "4fed8f6f-dff1-4b6d-8348-dfa561e76569",
"source": {
"cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
},
"target": {
"cell": "c41e1644-1f36-4e34-8573-d486052ea494"
},
"vertices": []
},
{
"shape": "flow",
"attrs": {
"line": {
"stroke": "red",
"strokeWidth": 2.5,
"targetMarker": {
"name": "block"
},
"sourceMarker": {
"name": "block"
},
"strokeDasharray": null
}
},
"width": 200,
"height": 100,
"zIndex": 10,
"connector": "smooth",
"data": {
"type": "tm.Flow",
"name": "Web Traffic\n",
"description": "",
"outOfScope": false,
"reasonOutOfScope": "",
"hasOpenThreats": true,
"isBidirectional": true,
"isEncrypted": false,
"isPublicNetwork": true,
"protocol": "HTTP",
"threats": [
{
"id": "1420e242-2dd0-49a8-910a-0fee0f921a14",
"title": "Credential Sniffing",
"status": "Open",
"severity": "Medium",
"type": "Information disclosure",
"description": "Unencrypted traffic exposes user credentials.",
"mitigation": "Provide remediation for this threat or a reason if status is N/A",
"modelType": "STRIDE",
"new": false,
"number": 14,
"score": ""
}
]
},
"id": "8ce4fe50-f0f7-448c-9945-2f8c85079374",
"labels": [
"Web Traffic\n"
],
"source": {
"cell": "97f211c4-cd4b-411e-8479-e60cf7ff21c6"
},
"target": {
"cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
}
},
{
"position": {
"x": 290,
"y": 210
},
"size": {
"width": 140,
"height": 130
},
"attrs": {
"text": {
"text": "Web Client"
},
"body": {
"stroke": "#333333",
"strokeWidth": 1.5,
"strokeDasharray": null
}
},
"visible": true,
"shape": "process",
"zIndex": 11,
"id": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c",
"data": {
"type": "tm.Process",
"name": "Web Client",
"description": "",
"outOfScope": false,
"reasonOutOfScope": "",
"hasOpenThreats": false,
"handlesCardPayment": false,
"handlesGoodsOrServices": false,
"isWebApplication": false,
"privilegeLevel": "",
"threats": []
}
},
{
"position": {
"x": 840,
"y": 245
},
"size": {
"width": 120,
"height": 60
},
"attrs": {
"text": {
"text": "PostgreSQL"
},
"topLine": {
"strokeWidth": 1.5,
"strokeDasharray": null
},
"bottomLine": {
"strokeWidth": 1.5,
"strokeDasharray": null
}
},
"visible": true,
"shape": "store",
"zIndex": 12,
"id": "f3b93565-510d-4b23-9726-2e0e233e7e2c",
"data": {
"type": "tm.Store",
"name": "PostgreSQL",
"description": "",
"outOfScope": false,
"reasonOutOfScope": "",
"hasOpenThreats": false,
"isALog": false,
"isEncrypted": false,
"isSigned": false,
"storesCredentials": false,
"storesInventory": false,
"threats": []
}
},
{
"position": {
"x": 358.75,
"y": -100
},
"size": {
"width": 112.5,
"height": 60
},
"attrs": {
"text": {
"text": "Level 0 DFD"
}
},
"visible": true,
"shape": "td-text-block",
"zIndex": 16,
"id": "b2cdbfd5-8d17-42a2-94a1-5cd7d4f42712",
"data": {
"type": "tm.Text",
"name": "Level 0 DFD",
"hasOpenThreats": false
}
},
{
"position": {
"x": 511.25,
"y": 105
},
"size": {
"width": 140,
"height": 140
},
"attrs": {
"text": {
"text": "Identity API"
},
"body": {
"stroke": "#333333",
"strokeWidth": 1.5,
"strokeDasharray": null
}
},
"visible": true,
"shape": "process",
"id": "c41e1644-1f36-4e34-8573-d486052ea494",
"zIndex": 17,
"data": {
"type": "tm.Process",
"name": "Identity API",
"description": "Manages user and vehicle information. Written in Java.",
"outOfScope": false,
"reasonOutOfScope": "",
"hasOpenThreats": false,
"handlesCardPayment": false,
"handlesGoodsOrServices": false,
"isWebApplication": false,
"privilegeLevel": "",
"threats": []
}
},
{
"position": {
"x": 511.25,
"y": 320
},
"size": {
"width": 140,
"height": 150
},
"attrs": {
"text": {
"text": "Workshop API"
},
"body": {
"stroke": "#333333",
"strokeWidth": 1.5,
"strokeDasharray": null
}
},
"visible": true,
"shape": "process",
"id": "48256d04-53c3-4ad9-9815-fd8d27a022dd",
"zIndex": 18,
"data": {
"type": "tm.Process",
"name": "Workshop API",
"description": "Handles mechanic service requests using VIN and generates report using provided URL. Written in Python.",
"outOfScope": false,
"reasonOutOfScope": "",
"hasOpenThreats": false,
"handlesCardPayment": false,
"handlesGoodsOrServices": false,
"isWebApplication": false,
"privilegeLevel": "",
"threats": [
{
"id": "0f0c8228-fc44-4fbe-bcb2-765fb0783f37",
"title": "Server-Side Request Forgery",
"status": "Mitigated",
"severity": "Medium",
"type": "Tampering",
"description": "The attacker can indirectly access other systems through request manipulation.",
"mitigation": "Input validation. Disable URL redirection in the web client. Restrict network access via firewall rules.",
"modelType": "STRIDE",
"new": false,
"number": 15,
"score": ""
}
]
}
}
],
"description": "DFD-based threat model, grouping multiple processes"
}
],
"diagramTop": 4,
"reviewer": "Sr. Security Engineer",
"threatTop": 17
}
}
Pastebin link: pastebin.com/F14