Threat Modeling Lab

Kantapong · September 24, 2025, 2:12pm

Please check where I am wrong.

Kantapong · September 24, 2025, 2:16pm

I’ve tried to check and fix it, but it’s still not successful

CalmQuail2332 · September 24, 2025, 2:54pm

It looks like you misspelled the threat associated with the Workshop API. In your JSON, you can see the title says “Sever-Side Request Forgery”

            {
              "id": "f3078d96-2c0f-4690-8312-c629350ff740",
              "title": "Sever-Side Request Forgery",
              "status": "Mitigated",
              "severity": "Medium",
              "type": "Tampering",
              "description": "The attacker can indirectly access other systems through request manipulation.",
              "mitigation": "Input validation. Disable URL redirection in the web client. Restrict network access via firewall rules.",
              "modelType": "STRIDE",
              "new": false,
              "number": 15,
              "score": ""
            }

SafeAardvark3169 · September 25, 2025, 2:26am

Hi, same issue with grade guided not assessing the model.
Pastebin: Threat Modelling Lab - Pastebin.com

CalmQuail2332 · September 25, 2025, 1:40pm

Based on the grader output, it sounds like you’ll need to double-check the connections between the Workshop API and the Database. As noted in the lab guide, when dragging the ends of your data flow to each entity, ensure a yellow box appears around that entity before you release in order that the data flow properly attaches to it.