  1. {
  2. "version": "2.2.0",
  3. "summary": {
  4. "title": "My Premium Dealership",
  5. "owner": "Jr. Security Engineer",
  6. "description": "\"My Premium Dealership\" is a B2C application with a micro-service architecture that allows users to request mechanic services for their vehicle.",
  7. "id": 0
  8. },
  9. "detail": {
  10. "contributors": [
  11. {
  12. "name": "Iman (Infra)"
  13. },
  14. {
  15. "name": "Devon (Development)"
  16. },
  17. {
  18. "name": "Suzy (Security)"
  19. },
  20. {
  21. "name": "Greta (GRC)"
  22. },
  23. {
  24. "name": "Sal (Stakeholder)"
  25. }
  26. ],
  27. "diagrams": [
  28. {
  29. "id": 0,
  30. "title": "mypremiumdealership.com",
  31. "diagramType": "STRIDE",
  32. "placeholder": "New STRIDE diagram description",
  33. "thumbnail": "./public/content/images/thumbnail.stride.jpg",
  34. "version": "2.2.0",
  35. "cells": [
  36. {
  37. "position": {
  38. "x": 6.999999999999872,
  39. "y": 210.00000000000023
  40. },
  41. "size": {
  42. "width": 170,
  43. "height": 110
  44. },
  45. "shape": "trust-boundary-box",
  46. "attrs": {
  47. "headerText": {
  48. "text": "Public network"
  49. }
  50. },
  51. "id": "27cfa9c9-a046-4c03-adc7-363b57bcee42",
  52. "zIndex": -1,
  53. "data": {
  54. "type": "tm.BoundaryBox",
  55. "name": "Public network",
  56. "description": "",
  57. "isTrustBoundary": true,
  58. "hasOpenThreats": false
  59. }
  60. },
  61. {
  62. "position": {
  63. "x": 259.99999999999875,
  64. "y": 70.00000000000159
  65. },
  66. "size": {
  67. "width": 420,
  68. "height": 340
  69. },
  70. "shape": "trust-boundary-box",
  71. "attrs": {
  72. "headerText": {
  73. "text": "Data center (protected)"
  74. }
  75. },
  76. "id": "1230f535-d0c4-4523-9337-89bcb8df7dca",
  77. "zIndex": -1,
  78. "data": {
  79. "type": "tm.BoundaryBox",
  80. "name": "Data center (protected)",
  81. "description": "",
  82. "isTrustBoundary": true,
  83. "hasOpenThreats": false
  84. }
  85. },
  86. {
  87. "position": {
  88. "x": 742,
  89. "y": 210
  90. },
  91. "size": {
  92. "width": 180,
  93. "height": 110
  94. },
  95. "shape": "trust-boundary-box",
  96. "attrs": {
  97. "headerText": {
  98. "text": "Data center (restricted)"
  99. }
  100. },
  101. "id": "5d56be2d-59b4-4de0-aeb0-29ddf4820b7d",
  102. "zIndex": -1,
  103. "data": {
  104. "type": "tm.BoundaryBox",
  105. "name": "Data center (restricted)",
  106. "description": "",
  107. "isTrustBoundary": true,
  108. "hasOpenThreats": false
  109. }
  110. },
  111. {
  112. "position": {
  113. "x": 40,
  114. "y": 245
  115. },
  116. "size": {
  117. "width": 112.5,
  118. "height": 60
  119. },
  120. "attrs": {
  121. "text": {
  122. "text": "User"
  123. },
  124. "body": {
  125. "stroke": "red",
  126. "strokeWidth": 2.5,
  127. "strokeDasharray": null
  128. }
  129. },
  130. "visible": true,
  131. "shape": "actor",
  132. "zIndex": 2,
  133. "id": "97f211c4-cd4b-411e-8479-e60cf7ff21c6",
  134. "data": {
  135. "type": "tm.Actor",
  136. "name": "User",
  137. "description": "",
  138. "outOfScope": false,
  139. "reasonOutOfScope": "",
  140. "hasOpenThreats": true,
  141. "providesAuthentication": true,
  142. "threats": [
  143. {
  144. "id": "09b498cb-d74f-4197-b25d-a00f136500c4",
  145. "title": "Account takeover",
  146. "status": "Open",
  147. "severity": "Medium",
  148. "type": "Spoofing",
  149. "description": "MFA not yet implemented",
  150. "mitigation": "Provide remediation for this threat or a reason if status is N/A",
  151. "modelType": "STRIDE",
  152. "new": false,
  153. "number": 13,
  154. "score": ""
  155. }
  156. ]
  157. }
  158. },
  159. {
  160. "shape": "flow",
  161. "attrs": {
  162. "line": {
  163. "stroke": "red",
  164. "strokeWidth": 2.5,
  165. "targetMarker": {
  166. "name": "block"
  167. },
  168. "sourceMarker": {
  169. "name": "block"
  170. },
  171. "strokeDasharray": null
  172. }
  173. },
  174. "width": 200,
  175. "height": 100,
  176. "zIndex": 10,
  177. "connector": "smooth",
  178. "data": {
  179. "type": "tm.Flow",
  180. "name": "Web Traffic\n",
  181. "description": "",
  182. "outOfScope": false,
  183. "reasonOutOfScope": "",
  184. "hasOpenThreats": true,
  185. "isBidirectional": true,
  186. "isEncrypted": false,
  187. "isPublicNetwork": true,
  188. "protocol": "HTTP",
  189. "threats": [
  190. {
  191. "id": "de96f595-ebbe-43af-b4f2-0e5ed8e7aa80",
  192. "title": "Credential Sniffing",
  193. "status": "Open",
  194. "severity": "Medium",
  195. "type": "Information disclosure",
  196. "description": "Unencrypted traffic exposes user credentials",
  197. "mitigation": "Provide remediation for this threat or a reason if status is N/A",
  198. "modelType": "STRIDE",
  199. "new": false,
  200. "number": 14,
  201. "score": ""
  202. }
  203. ]
  204. },
  205. "id": "8ce4fe50-f0f7-448c-9945-2f8c85079374",
  206. "labels": [
  207. "Web Traffic\n"
  208. ],
  209. "source": {
  210. "cell": "97f211c4-cd4b-411e-8479-e60cf7ff21c6"
  211. },
  212. "target": {
  213. "cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
  214. }
  215. },
  216. {
  217. "shape": "flow",
  218. "attrs": {
  219. "line": {
  220. "stroke": "#333333",
  221. "targetMarker": {
  222. "name": "block"
  223. },
  224. "sourceMarker": {
  225. "name": "block"
  226. },
  227. "strokeDasharray": null
  228. }
  229. },
  230. "width": 200,
  231. "height": 100,
  232. "zIndex": 10,
  233. "connector": "smooth",
  234. "data": {
  235. "type": "tm.Flow",
  236. "name": "Data Flow",
  237. "description": "",
  238. "outOfScope": false,
  239. "reasonOutOfScope": "",
  240. "hasOpenThreats": false,
  241. "isBidirectional": true,
  242. "isEncrypted": false,
  243. "isPublicNetwork": false,
  244. "protocol": "",
  245. "threats": []
  246. },
  247. "id": "905c8bdc-7c82-4308-868d-fd57d87748ca",
  248. "source": {
  249. "cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
  250. },
  251. "target": {
  252. "cell": "73a68777-f94f-4117-aad7-4a63dad018f7"
  253. },
  254. "vertices": [
  255. {
  256. "x": 490,
  257. "y": 200
  258. }
  259. ]
  260. },
  261. {
  262. "shape": "flow",
  263. "attrs": {
  264. "line": {
  265. "stroke": "#333333",
  266. "targetMarker": {
  267. "name": "block"
  268. },
  269. "sourceMarker": {
  270. "name": "block"
  271. },
  272. "strokeDasharray": null
  273. }
  274. },
  275. "width": 200,
  276. "height": 100,
  277. "zIndex": 10,
  278. "connector": "smooth",
  279. "data": {
  280. "type": "tm.Flow",
  281. "name": "Data Flow",
  282. "description": "",
  283. "outOfScope": false,
  284. "reasonOutOfScope": "",
  285. "hasOpenThreats": false,
  286. "isBidirectional": true,
  287. "isEncrypted": false,
  288. "isPublicNetwork": false,
  289. "protocol": "",
  290. "threats": []
  291. },
  292. "id": "bad1f699-9c9b-4c09-a1a4-69f8cba7bf6d",
  293. "source": {
  294. "cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
  295. },
  296. "target": {
  297. "cell": "44f32458-b97a-49da-b9aa-b98efc30b069"
  298. }
  299. },
  300. {
  301. "shape": "flow",
  302. "attrs": {
  303. "line": {
  304. "stroke": "#333333",
  305. "targetMarker": {
  306. "name": "block"
  307. },
  308. "sourceMarker": {
  309. "name": "block"
  310. },
  311. "strokeDasharray": null
  312. }
  313. },
  314. "width": 200,
  315. "height": 100,
  316. "zIndex": 10,
  317. "connector": "smooth",
  318. "data": {
  319. "type": "tm.Flow",
  320. "name": "Data Flow",
  321. "description": "",
  322. "outOfScope": false,
  323. "reasonOutOfScope": "",
  324. "hasOpenThreats": false,
  325. "isBidirectional": true,
  326. "isEncrypted": false,
  327. "isPublicNetwork": false,
  328. "protocol": "",
  329. "threats": []
  330. },
  331. "id": "53ee0086-884c-4eca-bb9d-fb5bc4a6364c",
  332. "source": {
  333. "cell": "73a68777-f94f-4117-aad7-4a63dad018f7"
  334. },
  335. "target": {
  336. "cell": "f3b93565-510d-4b23-9726-2e0e233e7e2c"
  337. }
  338. },
  339. {
  340. "shape": "flow",
  341. "attrs": {
  342. "line": {
  343. "stroke": "#333333",
  344. "targetMarker": {
  345. "name": "block"
  346. },
  347. "sourceMarker": {
  348. "name": "block"
  349. },
  350. "strokeDasharray": null
  351. }
  352. },
  353. "width": 200,
  354. "height": 100,
  355. "zIndex": 10,
  356. "connector": "smooth",
  357. "data": {
  358. "type": "tm.Flow",
  359. "name": "Data Flow",
  360. "description": "",
  361. "outOfScope": false,
  362. "reasonOutOfScope": "",
  363. "hasOpenThreats": false,
  364. "isBidirectional": true,
  365. "isEncrypted": false,
  366. "isPublicNetwork": false,
  367. "protocol": "",
  368. "threats": []
  369. },
  370. "id": "bd4799ed-4a36-4dd5-9041-11b77425f16a",
  371. "source": {
  372. "cell": "44f32458-b97a-49da-b9aa-b98efc30b069"
  373. },
  374. "target": {
  375. "cell": "f3b93565-510d-4b23-9726-2e0e233e7e2c"
  376. }
  377. },
  378. {
  379. "position": {
  380. "x": 290,
  381. "y": 210
  382. },
  383. "size": {
  384. "width": 140,
  385. "height": 130
  386. },
  387. "attrs": {
  388. "text": {
  389. "text": "Web Client"
  390. },
  391. "body": {
  392. "stroke": "#333333",
  393. "strokeWidth": 1.5,
  394. "strokeDasharray": null
  395. }
  396. },
  397. "visible": true,
  398. "shape": "process",
  399. "zIndex": 11,
  400. "id": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c",
  401. "data": {
  402. "type": "tm.Process",
  403. "name": "Web Client",
  404. "description": "",
  405. "outOfScope": false,
  406. "reasonOutOfScope": "",
  407. "hasOpenThreats": false,
  408. "handlesCardPayment": false,
  409. "handlesGoodsOrServices": false,
  410. "isWebApplication": false,
  411. "privilegeLevel": "",
  412. "threats": []
  413. }
  414. },
  415. {
  416. "position": {
  417. "x": 770,
  418. "y": 245
  419. },
  420. "size": {
  421. "width": 120,
  422. "height": 60
  423. },
  424. "attrs": {
  425. "text": {
  426. "text": "PostgreSQL"
  427. },
  428. "topLine": {
  429. "strokeWidth": 1.5,
  430. "strokeDasharray": null
  431. },
  432. "bottomLine": {
  433. "strokeWidth": 1.5,
  434. "strokeDasharray": null
  435. }
  436. },
  437. "visible": true,
  438. "shape": "store",
  439. "zIndex": 12,
  440. "id": "f3b93565-510d-4b23-9726-2e0e233e7e2c",
  441. "data": {
  442. "type": "tm.Store",
  443. "name": "PostgreSQL",
  444. "description": "",
  445. "outOfScope": false,
  446. "reasonOutOfScope": "",
  447. "hasOpenThreats": false,
  448. "isALog": false,
  449. "isEncrypted": false,
  450. "isSigned": false,
  451. "storesCredentials": false,
  452. "storesInventory": false,
  453. "threats": []
  454. }
  455. },
  456. {
  457. "position": {
  458. "x": 358.75,
  459. "y": -100
  460. },
  461. "size": {
  462. "width": 112.5,
  463. "height": 60
  464. },
  465. "attrs": {
  466. "text": {
  467. "text": "Level 0 DFD"
  468. }
  469. },
  470. "visible": true,
  471. "shape": "td-text-block",
  472. "zIndex": 16,
  473. "id": "b2cdbfd5-8d17-42a2-94a1-5cd7d4f42712",
  474. "data": {
  475. "type": "tm.Text",
  476. "name": "Level 0 DFD",
  477. "hasOpenThreats": false
  478. }
  479. },
  480. {
  481. "position": {
  482. "x": 505,
  483. "y": 115
  484. },
  485. "size": {
  486. "width": 170,
  487. "height": 130
  488. },
  489. "attrs": {
  490. "text": {
  491. "text": "Identity Api"
  492. },
  493. "body": {
  494. "stroke": "#333333",
  495. "strokeWidth": 1.5,
  496. "strokeDasharray": null
  497. }
  498. },
  499. "visible": true,
  500. "shape": "process",
  501. "id": "73a68777-f94f-4117-aad7-4a63dad018f7",
  502. "zIndex": 17,
  503. "data": {
  504. "type": "tm.Process",
  505. "name": "Identity Api",
  506. "description": "Manages user and vehicle information; written in Java.",
  507. "outOfScope": false,
  508. "reasonOutOfScope": "",
  509. "hasOpenThreats": false,
  510. "handlesCardPayment": false,
  511. "handlesGoodsOrServices": false,
  512. "isWebApplication": false,
  513. "privilegeLevel": "",
  514. "threats": []
  515. }
  516. },
  517. {
  518. "position": {
  519. "x": 490,
  520. "y": 270.0000000000003
  521. },
  522. "size": {
  523. "width": 200,
  524. "height": 120
  525. },
  526. "attrs": {
  527. "text": {
  528. "text": "Workshop API"
  529. },
  530. "body": {
  531. "stroke": "#333333",
  532. "strokeWidth": 1.5,
  533. "strokeDasharray": null
  534. }
  535. },
  536. "visible": true,
  537. "shape": "process",
  538. "id": "44f32458-b97a-49da-b9aa-b98efc30b069",
  539. "zIndex": 18,
  540. "data": {
  541. "type": "tm.Process",
  542. "name": "Workshop API",
  543. "description": "Handles mechanic service requests using the VIN and generates reports using a provided URL. Written in Python.",
  544. "outOfScope": false,
  545. "reasonOutOfScope": "",
  546. "hasOpenThreats": false,
  547. "handlesCardPayment": false,
  548. "handlesGoodsOrServices": false,
  549. "isWebApplication": false,
  550. "privilegeLevel": "",
  551. "threats": [
  552. {
  553. "id": "95c53396-c32d-44e3-ae5d-751c242ecbd1",
  554. "title": "Server-side request forgery",
  555. "status": "Mitigated",
  556. "severity": "Medium",
  557. "type": "Tampering",
  558. "description": "The attacker can indirectly access other systems through request manipulation.",
  559. "mitigation": "Input validation. Disable URL redirection in the web client. Restrict network access via firewall rules.",
  560. "modelType": "STRIDE",
  561. "new": false,
  562. "number": 15,
  563. "score": ""
  564. }
  565. ]
  566. }
  567. }
  568. ],
  569. "description": "DFD-based threat model, grouping multiple processes"
  570. }
  571. ],
  572. "diagramTop": 4,
  573. "reviewer": "Sr. Security Engineer",
  574. "threatTop": 15
  575. }
  576. }