  1. {
  2. "version": "2.2.0",
  3. "summary": {
  4. "title": "My Premium Dealership",
  5. "owner": "Jr. Security Engineer",
  6. "description": "\"My Premium Dealership\" is a B2C application with a microservice architecture that allows users to request mechanic services for their vehicles.",
  7. "id": 0
  8. },
  9. "detail": {
  10. "contributors": [
  11. {
  12. "name": "Iman (Infra)"
  13. },
  14. {
  15. "name": "Devon (Development)"
  16. },
  17. {
  18. "name": "Suzy (Security)"
  19. },
  20. {
  21. "name": "Greta (GRC)"
  22. },
  23. {
  24. "name": "Sal (Stakeholder)"
  25. }
  26. ],
  27. "diagrams": [
  28. {
  29. "id": 0,
  30. "title": "mypremiumdealership.com",
  31. "diagramType": "STRIDE",
  32. "placeholder": "New STRIDE diagram description",
  33. "thumbnail": "./public/content/images/thumbnail.stride.jpg",
  34. "version": "2.2.0",
  35. "cells": [
  36. {
  37. "position": {
  38. "x": -3.7500000000003126,
  39. "y": 75.00000000000011
  40. },
  41. "size": {
  42. "width": 170,
  43. "height": 360
  44. },
  45. "shape": "trust-boundary-box",
  46. "attrs": {
  47. "headerText": {
  48. "text": "Public Network"
  49. }
  50. },
  51. "zIndex": -1,
  52. "id": "08345bac-7f6f-425e-8a96-a203b6722bc8",
  53. "data": {
  54. "type": "tm.BoundaryBox",
  55. "name": "Public Network",
  56. "description": "",
  57. "isTrustBoundary": true,
  58. "hasOpenThreats": false
  59. }
  60. },
  61. {
  62. "position": {
  63. "x": 234.9999999999999,
  64. "y": 75.0000000000002
  65. },
  66. "size": {
  67. "width": 360,
  68. "height": 360
  69. },
  70. "shape": "trust-boundary-box",
  71. "attrs": {
  72. "headerText": {
  73. "text": "Data Center (Protected)"
  74. }
  75. },
  76. "zIndex": -1,
  77. "id": "9708d85d-4475-4d31-98ba-7f890f487940",
  78. "data": {
  79. "type": "tm.BoundaryBox",
  80. "name": "Data Center (Protected)",
  81. "description": "",
  82. "isTrustBoundary": true,
  83. "hasOpenThreats": false
  84. }
  85. },
  86. {
  87. "position": {
  88. "x": 679.9999999999998,
  89. "y": 70.00000000000011
  90. },
  91. "size": {
  92. "width": 230,
  93. "height": 370
  94. },
  95. "shape": "trust-boundary-box",
  96. "attrs": {
  97. "headerText": {
  98. "text": "Data Center (Restricted)"
  99. }
  100. },
  101. "zIndex": -1,
  102. "id": "a69562de-853a-4eca-8008-d0a2edf3ac6e",
  103. "data": {
  104. "type": "tm.BoundaryBox",
  105. "name": "Data Center (Restricted)",
  106. "description": "",
  107. "isTrustBoundary": true,
  108. "hasOpenThreats": false
  109. }
  110. },
  111. {
  112. "position": {
  113. "x": 20,
  114. "y": 150
  115. },
  116. "size": {
  117. "width": 112.5,
  118. "height": 60
  119. },
  120. "attrs": {
  121. "text": {
  122. "text": "User"
  123. },
  124. "body": {
  125. "stroke": "red",
  126. "strokeWidth": 2.5,
  127. "strokeDasharray": null
  128. }
  129. },
  130. "visible": true,
  131. "shape": "actor",
  132. "zIndex": 2,
  133. "id": "97f211c4-cd4b-411e-8479-e60cf7ff21c6",
  134. "data": {
  135. "type": "tm.Actor",
  136. "name": "User",
  137. "description": "",
  138. "outOfScope": false,
  139. "reasonOutOfScope": "",
  140. "hasOpenThreats": true,
  141. "providesAuthentication": true,
  142. "threats": [
  143. {
  144. "id": "e2cb57d6-ab78-4dc1-8e0c-2c91e982609a",
  145. "title": "Account Takeover",
  146. "status": "Open",
  147. "severity": "Medium",
  148. "type": "Spoofing",
  149. "description": "MFA not yet implemented.",
  150. "mitigation": "Provide remediation for this threat or a reason if status is N/A",
  151. "modelType": "STRIDE",
  152. "new": false,
  153. "number": 13,
  154. "score": ""
  155. }
  156. ]
  157. }
  158. },
  159. {
  160. "shape": "flow",
  161. "attrs": {
  162. "line": {
  163. "stroke": "#333333",
  164. "targetMarker": {
  165. "name": "block"
  166. },
  167. "sourceMarker": {
  168. "name": "block"
  169. },
  170. "strokeDasharray": null
  171. }
  172. },
  173. "width": 200,
  174. "height": 100,
  175. "zIndex": 10,
  176. "connector": "smooth",
  177. "data": {
  178. "type": "tm.Flow",
  179. "name": "Data Flow",
  180. "description": "",
  181. "outOfScope": false,
  182. "reasonOutOfScope": "",
  183. "hasOpenThreats": false,
  184. "isBidirectional": true,
  185. "isEncrypted": false,
  186. "isPublicNetwork": false,
  187. "protocol": "",
  188. "threats": []
  189. },
  190. "id": "efca1f7d-585b-464c-a248-115e47faa17e",
  191. "source": {
  192. "cell": "c12ebdc9-5206-4a36-bed1-393ef6b33c54"
  193. },
  194. "target": {
  195. "cell": "f3b93565-510d-4b23-9726-2e0e233e7e2c"
  196. }
  197. },
  198. {
  199. "shape": "flow",
  200. "attrs": {
  201. "line": {
  202. "stroke": "#333333",
  203. "targetMarker": {
  204. "name": "block"
  205. },
  206. "sourceMarker": {
  207. "name": "block"
  208. },
  209. "strokeDasharray": null
  210. }
  211. },
  212. "width": 200,
  213. "height": 100,
  214. "zIndex": 10,
  215. "connector": "smooth",
  216. "data": {
  217. "type": "tm.Flow",
  218. "name": "Data Flow",
  219. "description": "",
  220. "outOfScope": false,
  221. "reasonOutOfScope": "",
  222. "hasOpenThreats": false,
  223. "isBidirectional": true,
  224. "isEncrypted": false,
  225. "isPublicNetwork": false,
  226. "protocol": "",
  227. "threats": []
  228. },
  229. "id": "ac9a30dc-b439-4149-adf3-b1ebf9bcce7e",
  230. "source": {
  231. "cell": "966a7aaa-80b9-4a8b-9eb6-197286fffa1c"
  232. },
  233. "target": {
  234. "cell": "f3b93565-510d-4b23-9726-2e0e233e7e2c"
  235. }
  236. },
  237. {
  238. "shape": "flow",
  239. "attrs": {
  240. "line": {
  241. "stroke": "#333333",
  242. "targetMarker": {
  243. "name": "block"
  244. },
  245. "sourceMarker": {
  246. "name": "block"
  247. },
  248. "strokeDasharray": null
  249. }
  250. },
  251. "width": 200,
  252. "height": 100,
  253. "zIndex": 10,
  254. "connector": "smooth",
  255. "data": {
  256. "type": "tm.Flow",
  257. "name": "REST",
  258. "description": "",
  259. "outOfScope": false,
  260. "reasonOutOfScope": "",
  261. "hasOpenThreats": false,
  262. "isBidirectional": true,
  263. "isEncrypted": false,
  264. "isPublicNetwork": false,
  265. "protocol": "HTTP",
  266. "threats": []
  267. },
  268. "id": "670fdc61-a5d9-4228-8771-39c0d7688bf7",
  269. "labels": [
  270. "REST"
  271. ],
  272. "source": {
  273. "cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
  274. },
  275. "target": {
  276. "cell": "c12ebdc9-5206-4a36-bed1-393ef6b33c54"
  277. }
  278. },
  279. {
  280. "shape": "flow",
  281. "attrs": {
  282. "line": {
  283. "stroke": "#333333",
  284. "targetMarker": {
  285. "name": "block"
  286. },
  287. "sourceMarker": {
  288. "name": "block"
  289. },
  290. "strokeDasharray": null
  291. }
  292. },
  293. "width": 200,
  294. "height": 100,
  295. "zIndex": 10,
  296. "connector": "smooth",
  297. "data": {
  298. "type": "tm.Flow",
  299. "name": "REST",
  300. "description": "",
  301. "outOfScope": false,
  302. "reasonOutOfScope": "",
  303. "hasOpenThreats": false,
  304. "isBidirectional": true,
  305. "isEncrypted": false,
  306. "isPublicNetwork": false,
  307. "protocol": "",
  308. "threats": []
  309. },
  310. "id": "3c8361cd-8e17-4ada-9ea6-4c214e8267fa",
  311. "labels": [
  312. "REST"
  313. ],
  314. "source": {
  315. "cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
  316. },
  317. "target": {
  318. "cell": "966a7aaa-80b9-4a8b-9eb6-197286fffa1c"
  319. },
  320. "vertices": [
  321. {
  322. "x": 400,
  323. "y": 300
  324. }
  325. ]
  326. },
  327. {
  328. "shape": "flow",
  329. "attrs": {
  330. "line": {
  331. "stroke": "#333333",
  332. "targetMarker": {
  333. "name": "block"
  334. },
  335. "sourceMarker": {
  336. "name": "block"
  337. },
  338. "strokeDasharray": null
  339. }
  340. },
  341. "width": 200,
  342. "height": 100,
  343. "zIndex": 10,
  344. "connector": "smooth",
  345. "data": {
  346. "type": "tm.Flow",
  347. "name": "Web Traffic",
  348. "description": "",
  349. "outOfScope": false,
  350. "reasonOutOfScope": "",
  351. "hasOpenThreats": false,
  352. "isBidirectional": true,
  353. "isEncrypted": true,
  354. "isPublicNetwork": true,
  355. "protocol": "HTTPS",
  356. "threats": [
  357. {
  358. "id": "6cce44c1-09a5-436a-8c6e-76f0b8613e53",
  359. "title": "Credential Sniffing",
  360. "status": "Mitigated",
  361. "severity": "Medium",
  362. "type": "Information disclosure",
  363. "description": "Unencrypted traffic exposes user credentials",
  364. "mitigation": "Implement HTTPS to encrypt data-in-transit",
  365. "modelType": "STRIDE",
  366. "new": false,
  367. "number": 16,
  368. "score": ""
  369. }
  370. ]
  371. },
  372. "id": "26203791-f7f3-4db5-99b9-bfada293e7f3",
  373. "labels": [
  374. "Web Traffic"
  375. ],
  376. "source": {
  377. "cell": "97f211c4-cd4b-411e-8479-e60cf7ff21c6"
  378. },
  379. "target": {
  380. "cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
  381. }
  382. },
  383. {
  384. "position": {
  385. "x": 250,
  386. "y": 190.0000000000001
  387. },
  388. "size": {
  389. "width": 140,
  390. "height": 130
  391. },
  392. "attrs": {
  393. "text": {
  394. "text": "Web Client"
  395. },
  396. "body": {
  397. "stroke": "#333333",
  398. "strokeWidth": 1.5,
  399. "strokeDasharray": null
  400. }
  401. },
  402. "visible": true,
  403. "shape": "process",
  404. "zIndex": 11,
  405. "id": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c",
  406. "data": {
  407. "type": "tm.Process",
  408. "name": "Web Client",
  409. "description": "",
  410. "outOfScope": false,
  411. "reasonOutOfScope": "",
  412. "hasOpenThreats": false,
  413. "handlesCardPayment": false,
  414. "handlesGoodsOrServices": false,
  415. "isWebApplication": false,
  416. "privilegeLevel": "",
  417. "threats": []
  418. }
  419. },
  420. {
  421. "position": {
  422. "x": 734.9999999999998,
  423. "y": 190.0000000000001
  424. },
  425. "size": {
  426. "width": 120,
  427. "height": 60
  428. },
  429. "attrs": {
  430. "text": {
  431. "text": "PostgreSQL"
  432. },
  433. "topLine": {
  434. "strokeWidth": 1.5,
  435. "strokeDasharray": null
  436. },
  437. "bottomLine": {
  438. "strokeWidth": 1.5,
  439. "strokeDasharray": null
  440. }
  441. },
  442. "visible": true,
  443. "shape": "store",
  444. "zIndex": 12,
  445. "id": "f3b93565-510d-4b23-9726-2e0e233e7e2c",
  446. "data": {
  447. "type": "tm.Store",
  448. "name": "PostgreSQL",
  449. "description": "",
  450. "outOfScope": false,
  451. "reasonOutOfScope": "",
  452. "hasOpenThreats": false,
  453. "isALog": false,
  454. "isEncrypted": false,
  455. "isSigned": false,
  456. "storesCredentials": false,
  457. "storesInventory": false,
  458. "threats": []
  459. }
  460. },
  461. {
  462. "position": {
  463. "x": 431.25,
  464. "y": 130.0000000000001
  465. },
  466. "size": {
  467. "width": 150,
  468. "height": 130
  469. },
  470. "attrs": {
  471. "text": {
  472. "text": "Identity API"
  473. },
  474. "body": {
  475. "stroke": "#333333",
  476. "strokeWidth": 1.5,
  477. "strokeDasharray": null
  478. }
  479. },
  480. "visible": true,
  481. "shape": "process",
  482. "zIndex": 21,
  483. "id": "c12ebdc9-5206-4a36-bed1-393ef6b33c54",
  484. "data": {
  485. "type": "tm.Process",
  486. "name": "Identity API",
  487. "description": "Handles user signup and login. Written in Java.",
  488. "outOfScope": false,
  489. "reasonOutOfScope": "",
  490. "hasOpenThreats": false,
  491. "handlesCardPayment": false,
  492. "handlesGoodsOrServices": false,
  493. "isWebApplication": false,
  494. "privilegeLevel": "",
  495. "threats": []
  496. }
  497. },
  498. {
  499. "position": {
  500. "x": 431.25,
  501. "y": 295
  502. },
  503. "size": {
  504. "width": 150,
  505. "height": 130
  506. },
  507. "attrs": {
  508. "text": {
  509. "text": "Workshop API"
  510. },
  511. "body": {
  512. "stroke": "#333333",
  513. "strokeWidth": 1.5,
  514. "strokeDasharray": null
  515. }
  516. },
  517. "visible": true,
  518. "shape": "process",
  519. "zIndex": 22,
  520. "id": "966a7aaa-80b9-4a8b-9eb6-197286fffa1c",
  521. "data": {
  522. "type": "tm.Process",
  523. "name": "Workshop API",
  524. "description": "Handles mechanic service requests using the VIN and generates a report using the provided URL. Written in Python.",
  525. "outOfScope": false,
  526. "reasonOutOfScope": "",
  527. "hasOpenThreats": false,
  528. "handlesCardPayment": false,
  529. "handlesGoodsOrServices": false,
  530. "isWebApplication": false,
  531. "privilegeLevel": "",
  532. "threats": [
  533. {
  534. "id": "173052b2-5abf-4da5-931d-edaf4ee93972",
  535. "title": "Server-Side Request Forgery",
  536. "status": "Mitigated",
  537. "severity": "Medium",
  538. "type": "Tampering",
  539. "description": "The attacker can indirectly access other systems through request manipulation.",
  540. "mitigation": "Validate the provided URL. Disable URL redirection in the web client. Restrict network access via firewall rules.",
  541. "modelType": "STRIDE",
  542. "new": false,
  543. "number": 15,
  544. "score": ""
  545. }
  546. ]
  547. }
  548. }
  549. ],
  550. "description": "Threat Model for \"My Premium Dealership,\" a B2C application with a microservice architecture."
  551. }
  552. ],
  553. "diagramTop": 4,
  554. "reviewer": "Sr. Security Engineer",
  555. "threatTop": 18
  556. }
  557. }