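threagile_version: 1.0.0
# NOTE:
#
# For a perfect editing experience within your IDE of choice you can easily
# get model syntax validation and autocompletion (very handy for enum values)
# as well as live templates: Just import the schema.json into your IDE and assign
# it as "schema" to each Threagile YAML file. Also try to import individual parts
# from the live-templates.txt file into your IDE as live editing templates.
#
# You might also want to try the REST API when running in server mode...
# This is only a stub for simple quick editing and is not complete.
# For a complete usable example model see the "-create-example-model" option.

# Model metadata: who wrote the model, when, and the business context the
# risk rules use for rating (business_criticality).
title: Sample Application
# Quoted on purpose: an unquoted ISO date is implicitly typed as a timestamp by
# generic YAML loaders; the model only needs the string.
date: "2023-09-27"
author:
  name: Ciro Bologna
  homepage:
management_summary_comment: Threat modeling should be part of SDLC
business_criticality: important # values: archive, operational, important, critical, mission-critical

business_overview:
  description: This sample app can be used to send and store greetings to your friendly security architect
  # Optional list of image files with captions, e.g.:
  images:
  # - custom-image-1.png: Some dummy image 1
  # - custom-image-2.png: Some dummy image 2

technical_overview:
  description: frontend is in react (which I never used before), backend is in spring boot, database is mysql
  # Optional list of image files with captions, e.g.:
  images:
  # - custom-image-1.png: Some dummy image 1
  # - custom-image-2.png: Some dummy image 2

questions: # simply use "" as answer to signal "unanswered"
  Some question without an answer?: ""
  Some question with an answer?: >
    Some answer

# Abuse cases are free text; they are reported as-is and are not evaluated by
# the risk rules.
abuse_cases:
  Abuse Case 1: >
    A malicious user can impersonate somebody else and say bad words to the security architect
  Abuse Case 2: >
    A malicious external user can attempt exfiltrating greetings meant for the security architect eyes only
  Abuse Case 3: >
    A malicious admin with access to the database can attempt modifying the greeting value

# Free-text requirements. The Authentication requirement should be reflected in
# the communication links of the technical assets (see their authentication
# fields), otherwise the model and the requirement disagree.
security_requirements:
  Input Validation: Strict input validation is required to reduce the overall attack surface.
  Authentication: Authentication is required to avoid unpleasant greetings from trolls.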
# Tags can be used for anything, it's just a tag. Also risk rules can act based on tags if you like.
# Tags can be used for example to name the products used (which is more concrete than the technology types that only specify the type)
#
# Every tag used on a data asset, technical asset, communication link, trust
# boundary or shared runtime must be declared here first. Only "some-tag" and
# "some-other-tag" are referenced in this model; the rest are available for use.
tags_available:
  # cloud / platform
  - aws
  - aws:apigateway
  - aws:dynamodb
  - aws:ebs
  - aws:ec2
  - aws:iam
  - aws:lambda
  - aws:rds
  - aws:s3
  - aws:sqs
  - aws:vpc
  - azure
  - gcp
  # runtime / tooling
  - docker
  - git
  - kubernetes
  - nexus
  - ocp
  - openshift
  - tomcat
  # placeholders used by the sample assets below
  - some-tag
  - some-other-tag
# The single data asset of this model. It is referenced by its id ("greetings")
# from the technical assets and communication links further down.
data_assets:
  Greetings:
    id: greetings
    description: few words
    usage: business # values: business, devops
    tags:
    origin: Users
    owner: Security Architect
    quantity: many # values: very-few, few, many, very-many
    # Confidential + critical integrity drives the unencrypted-asset finding on
    # the database (see risk_tracking); availability is deliberately lowest.
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: archive # values: archive, operational, important, critical, mission-critical
    # NOTE(review): this justification appears to be cut off mid-sentence; complete it.
    justification_cia_rating: greetings should remain private and should not be
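technical_assets:
  # React client running in the user's browser: the only asset that is
  # internet-facing and the only one driven by a human.
  Frontend:
    id: frontend
    description: react frontend
    type: process # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: true
    out_of_scope: false
    justification_out_of_scope:
    size: component # values: system, service, application, component
    technology: browser # values: see help
    tags:
      - some-tag
      - some-other-tag
    internet: true
    machine: container # values: physical, virtual, container, serverless
    encryption: transparent # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Some Owner
    confidentiality: public # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: operational # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: Some Justification
    multi_tenant: false
    redundant: false
    custom_developed_parts: true
    data_assets_processed: # sequence of IDs to reference
      - greetings
    data_assets_stored: # sequence of IDs to reference
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
      - json
    communication_links:
      User Traffic:
        target: backend
        description: Some Description
        protocol: https # values: see help
        # NOTE(review): "none" for both fields contradicts the Authentication
        # security requirement stated above. Keep it only while the real
        # mechanism is unknown; until it is modeled, expect the
        # missing-authentication risk rule to report this link.
        authentication: none # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: none # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - greetings
        # NOTE(review): empty although the backend's own link returns
        # greetings — confirm whether the frontend also receives greetings.
        data_assets_received: # sequence of IDs to reference

  # Spring Boot REST service; internal only (internet: false), reached from
  # the frontend over HTTPS and talking to the database over JDBC.
  Backend:
    id: backend
    description: Some Description
    type: process # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: component # values: system, service, application, component
    technology: web-service-rest # values: see help
    tags:
      - some-tag
      - some-other-tag
    internet: false
    machine: virtual # values: physical, virtual, container, serverless
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Some Owner
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: Some Justification
    multi_tenant: false
    redundant: false
    custom_developed_parts: true
    data_assets_processed: # sequence of IDs to reference
      - greetings
    data_assets_stored: # sequence of IDs to reference
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
      - json
    communication_links:
      Server Traffic:
        target: database
        description: Some Description
        protocol: jdbc # values: see help
        # NOTE(review): a JDBC connection with no authentication modeled. If
        # the backend connects with a technical database user, model it as
        # `authentication: credentials` / `authorization: technical-user` so
        # the rules rate the link correctly.
        authentication: none # values: none, credentials, session-id, token, client-certificate, two-factor
        authorization: none # values: none, technical-user, enduser-identity-propagation
        tags:
        vpn: false
        ip_filtered: false
        readonly: false
        usage: business # values: business, devops
        data_assets_sent: # sequence of IDs to reference
          - greetings
        data_assets_received: # sequence of IDs to reference
          - greetings

  # MySQL database; the only asset that persists the greetings data asset.
  Database:
    id: database
    description: Some Description
    # "datastore" rather than "process": this asset stores data (see
    # data_assets_stored below) and its technology is "database"; the risk
    # rules treat datastores differently from processes.
    type: datastore # values: external-entity, process, datastore
    usage: business # values: business, devops
    used_as_client_by_human: false
    out_of_scope: false
    justification_out_of_scope:
    size: component # values: system, service, application, component
    technology: database # values: see help
    tags:
      - some-tag
      - some-other-tag
    internet: false
    machine: container # values: physical, virtual, container, serverless
    # Confidential data stored without encryption; the resulting
    # unencrypted-asset risk is tracked as accepted in risk_tracking below.
    encryption: none # values: none, transparent, data-with-symmetric-shared-key, data-with-asymmetric-shared-key, data-with-enduser-individual-key
    owner: Some Owner
    confidentiality: confidential # values: public, internal, restricted, confidential, strictly-confidential
    integrity: critical # values: archive, operational, important, critical, mission-critical
    availability: critical # values: archive, operational, important, critical, mission-critical
    justification_cia_rating: Some Justification
    multi_tenant: false
    redundant: false
    custom_developed_parts: true
    data_assets_processed: # sequence of IDs to reference
      - greetings
    data_assets_stored: # sequence of IDs to reference
      - greetings
    data_formats_accepted: # sequence of formats like: json, xml, serialization, file, csv
      - serialization
    # The database initiates no outbound links.
    communication_links: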
# Network trust boundaries. The frontend is intentionally outside this boundary
# (it is the internet-facing browser client); backend and database are inside.
trust_boundaries:
  Some Trust Boundary:
    id: some-network
    description: Some Description
    type: network-dedicated-hoster # values: see help
    tags:
    technical_assets_inside: # sequence of IDs to reference
      - backend
      - database
    trust_boundaries_nested: # sequence of IDs to reference
# Shared runtimes group assets that share a host/cluster so that compromise of
# the runtime is rated against every asset running on it.
shared_runtimes:
  EKS:
    id: eks
    description: AWS containerization
    tags:
    # NOTE(review): "frontend" is modeled as technology "browser"; presumably
    # what runs here is the served React bundle rather than the user's browser.
    technical_assets_running: # sequence of IDs to reference
      - frontend
      - backend
      - database
individual_risk_categories: # used for adding custom manually identified risks
  # A hand-written risk category with one risk instance, as opposed to the
  # risks derived automatically by the built-in rules.
  Some Individual Risk Example:
    id: something-strange
    description: Some text describing the risk category...
    impact: Some text describing the impact...
    asvs: V0 - Something Strange
    cheat_sheet: https://example.com
    action: Some text describing the action...
    mitigation: Some text describing the mitigation...
    check: Check if XYZ...
    function: business-side # values: business-side, architecture, development, operations
    stride: repudiation # values: spoofing, tampering, repudiation, information-disclosure, denial-of-service, elevation-of-privilege
    detection_logic: Some text describing the detection logic...
    risk_assessment: Some text describing the risk assessment...
    false_positives: Some text describing the most common types of false positives...
    model_failure_possible_reason: false
    cwe: 693
    # Each key below is one concrete risk instance of this category; the
    # <b> tags are rendered as bold in the report.
    risks_identified:
      <b>Example Individual Risk</b> at <b>Some Technical Asset</b>:
        severity: critical # values: low, medium, elevated, high, critical
        exploitation_likelihood: likely # values: unlikely, likely, very-likely, frequent
        exploitation_impact: medium # values: low, medium, high, very-high
        data_breach_probability: probable # values: improbable, possible, probable
        data_breach_technical_assets: # list of technical asset IDs which might have data breach
          - database
        # Only the technical asset is set; the other "most relevant" fields are
        # left empty on purpose.
        most_relevant_data_asset:
        most_relevant_technical_asset: database
        most_relevant_communication_link:
        most_relevant_trust_boundary:
        most_relevant_shared_runtime:
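# NOTE:
# For risk tracking each risk-id needs to be defined (the string with the @ sign in it). These unique risk IDs
# are visible in the PDF report (the small grey string under each risk), the Excel (column "ID"), as well as the JSON responses.
# Some risk IDs have only one @ sign in them, while others multiple. The idea is to allow for unique but still speaking IDs.
# Therefore each risk instance creates its individual ID by taking all affected elements causing the risk to be within an @-delimited part.
# Using wildcards (the * sign) for parts delimited by @ signs allows to handle groups of certain risks at once. Best is to lookup the IDs
# to use in the created Excel file. Alternatively a model macro "seed-risk-tracking" is available that helps in initially
# seeding the risk tracking part here based on already identified and not yet handled risks.
risk_tracking:
  # The database stores the confidential "greetings" asset with encryption: none;
  # this entry records that the resulting finding was reviewed and accepted.
  # Revisit it if the data classification or the storage changes.
  unencrypted-asset@database: # wildcards "*" between the @ characters are possible
    status: accepted # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
    justification: Risk accepted as tolerable
    ticket: XYZ-1234
    # Quoted on purpose: an unquoted ISO date is implicitly typed as a timestamp
    # by generic YAML loaders; the model only needs the string.
    date: "2023-10-01"
    checked_by: Ciro Bologna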
#diagram_tweak_edge_layout: spline # values: spline, polyline, false, ortho (this suppresses edge labels), curved (this suppresses edge labels and can cause problems with edges)
#diagram_tweak_suppress_edge_labels: true
#diagram_tweak_layout_left_to_right: true
#diagram_tweak_nodesep: 2
#diagram_tweak_ranksep: 2
#diagram_tweak_invisible_connections_between_assets:
# - tech-asset-source-id-A:tech-asset-target-id-B
# - tech-asset-source-id-C:tech-asset-target-id-D
#diagram_tweak_same_rank_assets:
# - tech-asset-source-id-E:tech-asset-target-id-F:tech-asset-source-id-G:tech-asset-target-id-H
# - tech-asset-source-id-M:tech-asset-target-id-N:tech-asset-source-id-O