  1. {
  2. "version": "2.2.0",
  3. "summary": {
  4. "title": "My Premium Dealership",
  5. "owner": "Jr. Security Engineer",
  6. "description": "\"My Premium Dealership\" is a B2C application with a microservice architecture that allows users to request mechanic services for their vehicle.",
  7. "id": 0
  8. },
  9. "detail": {
  10. "contributors": [
  11. {
  12. "name": "Iman (Infra)"
  13. },
  14. {
  15. "name": "Devon (Development)"
  16. },
  17. {
  18. "name": "Suzy (Security)"
  19. },
  20. {
  21. "name": "Greta (GRC)"
  22. },
  23. {
  24. "name": "Sal (Stakeholder)"
  25. }
  26. ],
  27. "diagrams": [
  28. {
  29. "id": 0,
  30. "title": "mypremiumdealership.com",
  31. "diagramType": "STRIDE",
  32. "placeholder": "New STRIDE diagram description",
  33. "thumbnail": "./public/content/images/thumbnail.stride.jpg",
  34. "version": "2.2.0",
  35. "cells": [
  36. {
  37. "position": {
  38. "x": 10,
  39. "y": 75.0000000000002
  40. },
  41. "size": {
  42. "width": 170,
  43. "height": 360
  44. },
  45. "shape": "trust-boundary-box",
  46. "attrs": {
  47. "headerText": {
  48. "text": "Public Network"
  49. }
  50. },
  51. "zIndex": -1,
  52. "id": "08345bac-7f6f-425e-8a96-a203b6722bc8",
  53. "data": {
  54. "type": "tm.BoundaryBox",
  55. "name": "Public Network",
  56. "description": "",
  57. "isTrustBoundary": true,
  58. "hasOpenThreats": false
  59. }
  60. },
  61. {
  62. "position": {
  63. "x": 234.9999999999999,
  64. "y": 75.0000000000002
  65. },
  66. "size": {
  67. "width": 360,
  68. "height": 360
  69. },
  70. "shape": "trust-boundary-box",
  71. "attrs": {
  72. "headerText": {
  73. "text": "Data Center (Protected)"
  74. }
  75. },
  76. "zIndex": -1,
  77. "id": "9708d85d-4475-4d31-98ba-7f890f487940",
  78. "data": {
  79. "type": "tm.BoundaryBox",
  80. "name": "Data Center (Protected)",
  81. "description": "",
  82. "isTrustBoundary": true,
  83. "hasOpenThreats": false
  84. }
  85. },
  86. {
  87. "position": {
  88. "x": 679.9999999999998,
  89. "y": 70.00000000000011
  90. },
  91. "size": {
  92. "width": 230,
  93. "height": 370
  94. },
  95. "shape": "trust-boundary-box",
  96. "attrs": {
  97. "headerText": {
  98. "text": "Data Center (Restricted)"
  99. }
  100. },
  101. "zIndex": -1,
  102. "id": "a69562de-853a-4eca-8008-d0a2edf3ac6e",
  103. "data": {
  104. "type": "tm.BoundaryBox",
  105. "name": "Data Center (Restricted)",
  106. "description": "",
  107. "isTrustBoundary": true,
  108. "hasOpenThreats": false
  109. }
  110. },
  111. {
  112. "position": {
  113. "x": 38.75,
  114. "y": 150
  115. },
  116. "size": {
  117. "width": 112.5,
  118. "height": 60
  119. },
  120. "attrs": {
  121. "text": {
  122. "text": "User"
  123. },
  124. "body": {
  125. "stroke": "red",
  126. "strokeWidth": 2.5,
  127. "strokeDasharray": null
  128. }
  129. },
  130. "visible": true,
  131. "shape": "actor",
  132. "zIndex": 2,
  133. "id": "97f211c4-cd4b-411e-8479-e60cf7ff21c6",
  134. "data": {
  135. "type": "tm.Actor",
  136. "name": "User",
  137. "description": "",
  138. "outOfScope": false,
  139. "reasonOutOfScope": "",
  140. "hasOpenThreats": true,
  141. "providesAuthentication": true,
  142. "threats": [
  143. {
  144. "id": "e2cb57d6-ab78-4dc1-8e0c-2c91e982609a",
  145. "title": "Account Takeover",
  146. "status": "Open",
  147. "severity": "Medium",
  148. "type": "Spoofing",
  149. "description": "MFA not yet implemented.",
  150. "mitigation": "Provide remediation for this threat or a reason if status is N/A",
  151. "modelType": "STRIDE",
  152. "new": false,
  153. "number": 13,
  154. "score": ""
  155. }
  156. ]
  157. }
  158. },
  159. {
  160. "shape": "flow",
  161. "attrs": {
  162. "line": {
  163. "stroke": "#333333",
  164. "targetMarker": {
  165. "name": "block"
  166. },
  167. "sourceMarker": {
  168. "name": "block"
  169. },
  170. "strokeDasharray": null
  171. }
  172. },
  173. "width": 200,
  174. "height": 100,
  175. "zIndex": 10,
  176. "connector": "smooth",
  177. "data": {
  178. "type": "tm.Flow",
  179. "name": "REST",
  180. "description": "",
  181. "outOfScope": false,
  182. "reasonOutOfScope": "",
  183. "hasOpenThreats": false,
  184. "isBidirectional": true,
  185. "isEncrypted": false,
  186. "isPublicNetwork": false,
  187. "protocol": "HTTP",
  188. "threats": []
  189. },
  190. "id": "670fdc61-a5d9-4228-8771-39c0d7688bf7",
  191. "labels": [
  192. "REST"
  193. ],
  194. "source": {
  195. "cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
  196. },
  197. "target": {
  198. "cell": "c12ebdc9-5206-4a36-bed1-393ef6b33c54"
  199. }
  200. },
  201. {
  202. "shape": "flow",
  203. "attrs": {
  204. "line": {
  205. "stroke": "#333333",
  206. "targetMarker": {
  207. "name": "block"
  208. },
  209. "sourceMarker": {
  210. "name": "block"
  211. },
  212. "strokeDasharray": null
  213. }
  214. },
  215. "width": 200,
  216. "height": 100,
  217. "zIndex": 10,
  218. "connector": "smooth",
  219. "data": {
  220. "type": "tm.Flow",
  221. "name": "REST",
  222. "description": "",
  223. "outOfScope": false,
  224. "reasonOutOfScope": "",
  225. "hasOpenThreats": false,
  226. "isBidirectional": true,
  227. "isEncrypted": false,
  228. "isPublicNetwork": false,
  229. "protocol": "",
  230. "threats": []
  231. },
  232. "id": "3c8361cd-8e17-4ada-9ea6-4c214e8267fa",
  233. "labels": [
  234. "REST"
  235. ],
  236. "source": {
  237. "cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
  238. },
  239. "target": {
  240. "cell": "966a7aaa-80b9-4a8b-9eb6-197286fffa1c"
  241. },
  242. "vertices": [
  243. {
  244. "x": 400,
  245. "y": 300
  246. }
  247. ]
  248. },
  249. {
  250. "shape": "flow",
  251. "attrs": {
  252. "line": {
  253. "stroke": "#333333",
  254. "targetMarker": {
  255. "name": "block"
  256. },
  257. "sourceMarker": {
  258. "name": "block"
  259. },
  260. "strokeDasharray": null
  261. }
  262. },
  263. "width": 200,
  264. "height": 100,
  265. "zIndex": 10,
  266. "connector": "smooth",
  267. "data": {
  268. "type": "tm.Flow",
  269. "name": "Web Traffic",
  270. "description": "",
  271. "outOfScope": false,
  272. "reasonOutOfScope": "",
  273. "hasOpenThreats": false,
  274. "isBidirectional": true,
  275. "isEncrypted": true,
  276. "isPublicNetwork": true,
  277. "protocol": "HTTPS",
  278. "threats": [
  279. {
  280. "id": "6cce44c1-09a5-436a-8c6e-76f0b8613e53",
  281. "title": "Credential Sniffing",
  282. "status": "Mitigated",
  283. "severity": "Medium",
  284. "type": "Information disclosure",
  285. "description": "Unencrypted traffic exposes user credentials",
  286. "mitigation": "Implement HTTPS to encrypt data-in-transit",
  287. "modelType": "STRIDE",
  288. "new": false,
  289. "number": 16,
  290. "score": ""
  291. }
  292. ]
  293. },
  294. "id": "26203791-f7f3-4db5-99b9-bfada293e7f3",
  295. "labels": [
  296. "Web Traffic"
  297. ],
  298. "source": {
  299. "cell": "97f211c4-cd4b-411e-8479-e60cf7ff21c6"
  300. },
  301. "target": {
  302. "cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
  303. }
  304. },
  305. {
  306. "shape": "flow",
  307. "attrs": {
  308. "line": {
  309. "stroke": "#333333",
  310. "targetMarker": {
  311. "name": "block"
  312. },
  313. "sourceMarker": {
  314. "name": "block"
  315. },
  316. "strokeDasharray": null
  317. }
  318. },
  319. "width": 200,
  320. "height": 100,
  321. "zIndex": 10,
  322. "connector": "smooth",
  323. "data": {
  324. "type": "tm.Flow",
  325. "name": "Data Flow",
  326. "description": "",
  327. "outOfScope": false,
  328. "reasonOutOfScope": "",
  329. "hasOpenThreats": false,
  330. "isBidirectional": true,
  331. "isEncrypted": false,
  332. "isPublicNetwork": false,
  333. "protocol": "",
  334. "threats": []
  335. },
  336. "id": "e5aca81a-0086-4918-8b87-6b759c806b56",
  337. "source": {
  338. "cell": "e976ea53-2ffd-4980-bde8-723eefaf9fbd"
  339. },
  340. "target": {
  341. "cell": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c"
  342. },
  343. "vertices": [
  344. {
  345. "x": 220,
  346. "y": 290
  347. }
  348. ]
  349. },
  350. {
  351. "shape": "flow",
  352. "attrs": {
  353. "line": {
  354. "stroke": "#333333",
  355. "targetMarker": {
  356. "name": "block"
  357. },
  358. "sourceMarker": {
  359. "name": "block"
  360. },
  361. "strokeDasharray": null
  362. }
  363. },
  364. "width": 200,
  365. "height": 100,
  366. "zIndex": 10,
  367. "connector": "smooth",
  368. "data": {
  369. "type": "tm.Flow",
  370. "name": "Data Flow",
  371. "description": "",
  372. "outOfScope": false,
  373. "reasonOutOfScope": "",
  374. "hasOpenThreats": false,
  375. "isBidirectional": true,
  376. "isEncrypted": false,
  377. "isPublicNetwork": false,
  378. "protocol": "",
  379. "threats": []
  380. },
  381. "id": "efca1f7d-585b-464c-a248-115e47faa17e",
  382. "source": {
  383. "cell": "c12ebdc9-5206-4a36-bed1-393ef6b33c54"
  384. },
  385. "target": {
  386. "cell": "f3b93565-510d-4b23-9726-2e0e233e7e2c"
  387. }
  388. },
  389. {
  390. "shape": "flow",
  391. "attrs": {
  392. "line": {
  393. "stroke": "#333333",
  394. "targetMarker": {
  395. "name": "block"
  396. },
  397. "sourceMarker": {
  398. "name": "block"
  399. },
  400. "strokeDasharray": null
  401. }
  402. },
  403. "width": 200,
  404. "height": 100,
  405. "zIndex": 10,
  406. "connector": "smooth",
  407. "data": {
  408. "type": "tm.Flow",
  409. "name": "Data Flow",
  410. "description": "",
  411. "outOfScope": false,
  412. "reasonOutOfScope": "",
  413. "hasOpenThreats": false,
  414. "isBidirectional": true,
  415. "isEncrypted": false,
  416. "isPublicNetwork": false,
  417. "protocol": "",
  418. "threats": []
  419. },
  420. "id": "ac9a30dc-b439-4149-adf3-b1ebf9bcce7e",
  421. "source": {
  422. "cell": "966a7aaa-80b9-4a8b-9eb6-197286fffa1c"
  423. },
  424. "target": {
  425. "cell": "f3b93565-510d-4b23-9726-2e0e233e7e2c"
  426. }
  427. },
  428. {
  429. "position": {
  430. "x": 250,
  431. "y": 190.0000000000001
  432. },
  433. "size": {
  434. "width": 140,
  435. "height": 130
  436. },
  437. "attrs": {
  438. "text": {
  439. "text": "Web Client"
  440. },
  441. "body": {
  442. "stroke": "#333333",
  443. "strokeWidth": 1.5,
  444. "strokeDasharray": null
  445. }
  446. },
  447. "visible": true,
  448. "shape": "process",
  449. "zIndex": 11,
  450. "id": "9eb5724a-c842-41c7-b1f2-1b695d8ac41c",
  451. "data": {
  452. "type": "tm.Process",
  453. "name": "Web Client",
  454. "description": "",
  455. "outOfScope": false,
  456. "reasonOutOfScope": "",
  457. "hasOpenThreats": false,
  458. "handlesCardPayment": false,
  459. "handlesGoodsOrServices": false,
  460. "isWebApplication": false,
  461. "privilegeLevel": "",
  462. "threats": []
  463. }
  464. },
  465. {
  466. "position": {
  467. "x": 734.9999999999998,
  468. "y": 190.0000000000001
  469. },
  470. "size": {
  471. "width": 120,
  472. "height": 60
  473. },
  474. "attrs": {
  475. "text": {
  476. "text": "PostgreSQL"
  477. },
  478. "topLine": {
  479. "strokeWidth": 1.5,
  480. "strokeDasharray": null
  481. },
  482. "bottomLine": {
  483. "strokeWidth": 1.5,
  484. "strokeDasharray": null
  485. }
  486. },
  487. "visible": true,
  488. "shape": "store",
  489. "zIndex": 12,
  490. "id": "f3b93565-510d-4b23-9726-2e0e233e7e2c",
  491. "data": {
  492. "type": "tm.Store",
  493. "name": "PostgreSQL",
  494. "description": "",
  495. "outOfScope": false,
  496. "reasonOutOfScope": "",
  497. "hasOpenThreats": false,
  498. "isALog": false,
  499. "isEncrypted": false,
  500. "isSigned": false,
  501. "storesCredentials": false,
  502. "storesInventory": false,
  503. "threats": []
  504. }
  505. },
  506. {
  507. "position": {
  508. "x": 410,
  509. "y": 115
  510. },
  511. "size": {
  512. "width": 150,
  513. "height": 130
  514. },
  515. "attrs": {
  516. "text": {
  517. "text": "Identity API"
  518. },
  519. "body": {
  520. "stroke": "#333333",
  521. "strokeWidth": 1.5,
  522. "strokeDasharray": null
  523. }
  524. },
  525. "visible": true,
  526. "shape": "process",
  527. "zIndex": 21,
  528. "id": "c12ebdc9-5206-4a36-bed1-393ef6b33c54",
  529. "data": {
  530. "type": "tm.Process",
  531. "name": "Identity API",
  532. "description": "Handles user signup and login. Written in Java.",
  533. "outOfScope": false,
  534. "reasonOutOfScope": "",
  535. "hasOpenThreats": false,
  536. "handlesCardPayment": false,
  537. "handlesGoodsOrServices": false,
  538. "isWebApplication": false,
  539. "privilegeLevel": "",
  540. "threats": []
  541. }
  542. },
  543. {
  544. "position": {
  545. "x": 410,
  546. "y": 250.0000000000001
  547. },
  548. "size": {
  549. "width": 150,
  550. "height": 130
  551. },
  552. "attrs": {
  553. "text": {
  554. "text": "Workshop API"
  555. },
  556. "body": {
  557. "stroke": "#333333",
  558. "strokeWidth": 1.5,
  559. "strokeDasharray": null
  560. }
  561. },
  562. "visible": true,
  563. "shape": "process",
  564. "zIndex": 22,
  565. "id": "966a7aaa-80b9-4a8b-9eb6-197286fffa1c",
  566. "data": {
  567. "type": "tm.Process",
  568. "name": "Workshop API",
  569. "description": "Handles mechanic service requests using the VIN and generates a report using the provided URL. Written in Python.",
  570. "outOfScope": false,
  571. "reasonOutOfScope": "",
  572. "hasOpenThreats": false,
  573. "handlesCardPayment": false,
  574. "handlesGoodsOrServices": false,
  575. "isWebApplication": false,
  576. "privilegeLevel": "",
  577. "threats": [
  578. {
  579. "id": "173052b2-5abf-4da5-931d-edaf4ee93972",
  580. "title": "Server-Side Request Forgery",
  581. "status": "Mitigated",
  582. "severity": "Medium",
  583. "type": "Tampering",
  584. "description": "The attacker can indirectly access other systems through request manipulation.",
  585. "mitigation": "Input validation. Disable URL redirection in the web client. Restrict network access via firewall rules.",
  586. "modelType": "STRIDE",
  587. "new": false,
  588. "number": 15,
  589. "score": ""
  590. }
  591. ]
  592. }
  593. },
  594. {
  595. "position": {
  596. "x": 35,
  597. "y": 220
  598. },
  599. "size": {
  600. "width": 120,
  601. "height": 120
  602. },
  603. "attrs": {
  604. "text": {
  605. "text": "Google Maps API"
  606. },
  607. "body": {
  608. "stroke": "#333333",
  609. "strokeWidth": 1.5,
  610. "strokeDasharray": null
  611. }
  612. },
  613. "visible": true,
  614. "shape": "process",
  615. "id": "e976ea53-2ffd-4980-bde8-723eefaf9fbd",
  616. "zIndex": 23,
  617. "data": {
  618. "type": "tm.Process",
  619. "name": "Google Maps API",
  620. "description": "Receives GPS coordinates and returns a Google Map showing the current vehicle location",
  621. "outOfScope": false,
  622. "reasonOutOfScope": "",
  623. "hasOpenThreats": false,
  624. "handlesCardPayment": false,
  625. "handlesGoodsOrServices": false,
  626. "isWebApplication": false,
  627. "privilegeLevel": "",
  628. "threats": [
  629. {
  630. "id": "1e2736df-23cc-4d4f-81b9-fd8d0c305fc3",
  631. "title": "Private data exposure via URL query string",
  632. "status": "Mitigated",
  633. "severity": "Medium",
  634. "type": "Information disclosure",
  635. "description": "",
  636. "mitigation": "",
  637. "modelType": "STRIDE",
  638. "new": false,
  639. "number": 19,
  640. "score": ""
  641. }
  642. ]
  643. }
  644. }
  645. ],
  646. "description": "Threat Model for \"My Premium Dealership,\" a microservice architecture B2C application."
  647. }
  648. ],
  649. "diagramTop": 4,
  650. "reviewer": "Sr. Security Engineer",
  651. "threatTop": 19
  652. }
  653. }