Hands on Threat Modeling Juice Shop (New features)

Original Working Session content: Hands on Threat Modeling Juice Shop (New features)


Outcomes

  • Set of models checked in
  • Possibly sets of requirements or assumptions

Synopsis and Takeaways

This session discussed the current and in-development features of Juice Shop. The focus was on an in-development feature called Two-Factor-Authentication. The use of TOTP (time-based one-time passwords) in the authentication process was also discussed, and a diagram was created. An additional sequence diagram was created showing how data interacts with a user in Two-Factor-Authentication (see photographs below).

Other features such as invoice tracking, delivery and email services were also discussed, as was potentially publishing a cheat sheet of dos and don’ts for data flow modelling.

Key Takeaways

  • Created a sequence diagram of Two-Factor-Authentication information
  • Created a data flow diagram on new and improved features for Juice Shop
  • The architectural possibilities highlighted in the discussion allow new features to be added
  • A Cheat Sheet of do’s and don’ts when using Data flow modelling to be created
  • “Juice Shop left overs” (product) to be picked up by a third party for recycling and compost
  • To create a feature for invoice tracking for the accounting team, using a separate UI dialog in Juice Shop that will use XML or CSV files
  • A diagram that can be extended into a fully reusable threat model will be the final published product

Working materials

Content

