# Example Rundown ## Location of Example Code {% embed url="" %} ## Running the Example ### Install - Steps * Install mermaidJS and mermaidCLI globally: \* \* * Create Virtualenv with Python 2.7.X * Install the Dependencies for the example with `pip install -r requirements.txt` * Install the vulnerable flask app with `docker pull abhaybhargav/vul_flask` * In the robot file, make sure you edit the ZAP specific variables to the ones you have in your ZAP deployment. This includes: * Path to the zap.sh executable. You don't need to include the sh file in the path * Port that ZAP runs on. Mine runs on port 8090. Please feel free to change * Install the "Export Report" add-on on ZAP * For this example, you will need nmap installed on the machine you are running this example as well The example gives you a perspective of how you can use ThreatPlaybook. The app that I am using to test ThreatPlaybook is a simple REST API, running on a Docker container. It can be pulled with `docker pull abhaybhargav/vul_flask` All of the relevant tests, yaml files, etc are in in the `Simple-API` directory All of the `User Stories -> Abuse Cases -> Threat Scenarios` are individually available (yml files) in the cases directory Security Tests are in the YML file in the `security_tests` directory Entities and connections are in the yml file directory `entities` ### Running the Example Once you are done with Installation, all you have to do is cd into the Simple-API directory and run: `robot SecurityTest.robot` and watch the results. All the results are written into the `results` directory, including the Report.md, which is the final Markdown report. ### Video of the Running ThreatPlaybook {% embed url="" %}