Hands on Threat Modeling Juice Shop (Architecture)


Original Working Session content: Hands on Threat Modeling Juice Shop (Architecture)


Outcomes

Synopsis and Takeaways

The session was very productive. A live copy of Juice Shop was demonstrated to the room and shared via Google Hangouts, which yielded valuable input. Insight into how Juice Shop functions was drawn from the code on the local server. During the demo the group created a model of the Juice Shop application in real time. When we compared our session architecture diagram with the current official architecture, we exposed differences of understanding. These diagrams spanned information from the browser, server, and file system. Injection processes that function with Juice Shop were also discussed.

The group moved from the question of “what is Juice Shop?” to “what can go wrong with Juice Shop?”. We decided that the first session would be a large group session to bring everyone up to speed, with later sessions consisting of smaller, dedicated teams.

Outcomes

  • Demonstrated that professionals can work from different points of view on this core topic
  • Decided that a threat model diagram can be created on Juice Shop in great detail
  • Created a useful architecture mapping diagram

Working materials

Content

