Lab2 submission: Basanov Maxim #2

Open
scruffyscarf wants to merge 4 commits into main from feature/lab2

@scruffyscarf
Owner

Goal

Creating a model with Threagile and automatically generating a risk report + diagrams from YAML, making a small, security-relevant model change and demonstrating how it changes the risk set.

Changes

  1. Modified Model File: Created a secure variant (threagile-model.secure.yaml) from the baseline model.
  2. Enabled HTTPS: Changed the protocol from "http" to "https" for the communication links:
    • User Browser -> Direct to App (no proxy)
    • Reverse Proxy -> To App
  3. Enabled Encryption at Rest: Changed the encryption property of the Persistent Storage technical asset from "none" to "transparent".

Testing

  1. Baseline Analysis: Executed the Threagile CLI tool against the baseline model (threagile-model.yaml) to generate a report, diagrams, and a risks.json file in the labs/lab2/baseline/ directory.
  2. Secure Analysis: Executed the Threagile CLI tool against the modified secure model (threagile-model.secure.yaml) to generate outputs in the labs/lab2/secure/ directory.
  3. Result Validation: The effectiveness of the changes was validated by comparing the generated risks.json files from both runs. The comparison showed a complete elimination of unencrypted-communication risks and a reduction in unencrypted-asset risks.

Artifacts & Screenshots

  • Baseline Model: labs/lab2/threagile-model.yaml
  • Secure Model: labs/lab2/threagile-model.secure.yaml
  • Generated Diagrams:
    • labs/lab2/baseline/data-asset-diagram.png
    • labs/lab2/baseline/data-flow-diagram.png
    • labs/lab2/secure/data-asset-diagram.png
    • labs/lab2/secure/data-flow-diagram.png
  • Top 5 Risks Table: Added to labs/submission2.md.
  • Risk Delta Table: Added to labs/submission2.md.

Checklist

  • PR has a clear and descriptive title
  • Documentation has been updated if necessary
  • No sensitive data or large temporary files have been committed
  • Task 1: Threagile baseline model + report + diagrams + submission2.md (Top 5)
  • Task 2: HTTPS Variant + secure run + Category delta table + delta explanation

@scruffyscarf changed the title from "Lab1 submission: Basanov Maxim" to "Lab2 submission: Basanov Maxim" on Sep 19, 2025
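
The risks.json comparison described under Testing in the PR description, sketched as an added example that is not part of the PR or the author's own tooling. It assumes each risks.json entry carries `category` and `synthetic_id` keys; the sample entries are constructed, and besides per-category counts it diffs risk IDs, because a category count can stay flat while one finding is replaced by another.

```python
import json
from collections import Counter

# Constructed sample entries, not the PR's real output. The "category" and
# "synthetic_id" keys are assumed to match Threagile's risks.json entries.
BASELINE = [
    {"category": "unencrypted-communication", "synthetic_id": "unencrypted-communication@user-browser>direct-to-app"},
    {"category": "unencrypted-communication", "synthetic_id": "unencrypted-communication@reverse-proxy>to-app"},
    {"category": "unencrypted-asset", "synthetic_id": "unencrypted-asset@persistent-storage"},
    {"category": "unencrypted-asset", "synthetic_id": "unencrypted-asset@app"},
    {"category": "missing-hardening", "synthetic_id": "missing-hardening@app"},
]
SECURE = [r for r in BASELINE if r["synthetic_id"] in (
    "unencrypted-asset@app", "missing-hardening@app")]


def load_risks(path):
    """Read one risks.json file, e.g. labs/lab2/baseline/risks.json."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def category_delta(baseline, secure):
    """Map each category to (baseline count, secure count, delta)."""
    b = Counter(r["category"] for r in baseline)
    s = Counter(r["category"] for r in secure)
    return {c: (b[c], s[c], s[c] - b[c]) for c in sorted(b.keys() | s.keys())}


def risk_id_changes(baseline, secure):
    """Return (resolved, introduced) risk IDs; counts alone can hide a swap."""
    b_ids = {r["synthetic_id"] for r in baseline}
    s_ids = {r["synthetic_id"] for r in secure}
    return sorted(b_ids - s_ids), sorted(s_ids - b_ids)


def delta_table(delta):
    """Render the per-category delta as a Markdown table."""
    rows = ["| Category | Baseline | Secure | Delta |", "|---|---:|---:|---:|"]
    rows += [f"| {c} | {b} | {s} | {d:+d} |" for c, (b, s, d) in delta.items()]
    return "\n".join(rows)


if __name__ == "__main__":
    print(delta_table(category_delta(BASELINE, SECURE)))
    resolved, introduced = risk_id_changes(BASELINE, SECURE)
    print("resolved:", resolved)
    print("introduced:", introduced)
```

To run it on real output, pass `load_risks("labs/lab2/baseline/risks.json")` and `load_risks("labs/lab2/secure/risks.json")` in place of the constructed lists.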