CodersSecret
Threat Modeling Lab

Threat Modeling Challenge

Map the attack surface of real cloud-native systems. Each scenario presents an architecture or data-flow diagram and asks you to enumerate threats with STRIDE, prioritise mitigations, and identify the trust boundary that actually matters.

6 scenarios~15 minutesHard
RUNHard

How the simulator works

  • Each scenario shows an architecture diagram, data flow, or asset inventory from a real cloud-native system.
  • Identify the top threat from four plausible options — the wrong answers explain why they look plausible but rank lower.
  • Read the production explanation, follow the link to the relevant lesson, and move to the next scenario.
  • Score yourself across all six rounds — covering STRIDE classification, trust boundaries, data classification, attack trees, severity prioritisation, and mitigation cost.