Hands on Threat Modeling Juice Shop (Attacking 2)
Get together to continue to use the models of Juice Shop to find problems with it, learn threat modelling, and deliver examples.
Dinis proposed a set of evening sessions to create threat model artefacts & examples for the Juice Shop vulnerable app.
Using the diagrams that show various aspects of Juice Shop (model 1: What’s the app? model 2: How does it get deployed? Model 3: How is it “developed and maintained”? etc.), apply various techniques to answer the question “what can go wrong?”
Techniques might include brainstorming, STRIDE, top-10, PASTA, CAPEC, attack trees, or your favourite.
- Lists of attacks checked in
- Possibly sets of requirements or assumptions
The target audience for this Working Session is:
- Participants in the threat modeling track
- Participants interested in Juice Shop
- Those who want to learn to threat model
- Juice Shop Staging Environment: http://juice-shop-staging.herokuapp.com
Much of the output is in https://owaspsummit.org/Working-Sessions/Threat-Model/Threat-Modeling-by-Feature-and-Layer.html
Related Working Session(s)
Back to list of all Working Sessions and Tracks
Edit this page here