Threat modeling lab - Last Flag

Danixuz · June 11, 2025, 8:19pm

Complete the threat modeling lab several times, but I always get the same answer.

Could you please get the last flag so I can continue learning?

CalmQuail2332 · June 11, 2025, 8:58pm

Hey there - as noted in the instructions, if you believe your model is correct but the grader says otherwise, please upload your JSON to pastebin and post it here so we can review it.

Danixuz · June 12, 2025, 1:44pm

Hello
Thank you for your cooperation

pastebin.com/D5dwjeB2

Danixuz · June 12, 2025, 1:48pm

Note that the route in the guide is wrong since the /Guided/ is missing.

CalmQuail2332 · June 13, 2025, 1:56pm

Hey there - we’ve reviewed your JSON and confirmed that the grader was failing for the following reasons:

Your “Workshop API” was outside of the “Data Center (Protected)” trust boundary.
You spelled “access” as “acces” in two places in the “Server-Side Request Forgery” threat.

That said, your model was correct otherwise, so I’ve messaged the flag to you.

M0ves01 · June 23, 2025, 8:13pm

I am also having issues getting the last flag. Here is my JSON for review. It’s saying I’ve done everything wrong but I can’t find any issues in my work