Lab

Faultlines

A deterministic first look at where risk concentrates in your system.

Faultlines

A deterministic first look at where risk concentrates in your system.

No large language model Client-side Deterministic

What this is

A deterministic threat-modeling pass that surfaces likely failure modes without machine learning or external data. Use it to map trust boundaries, identity, secrets, and deployment risk before deeper review.

Runs entirely in your browser. Nothing is sent to a server.

Who it's for

  • Builders who want a fast architecture risk scan.
  • Security engineers preparing for design reviews.
  • Product teams defining zero-trust boundaries.

Builder notes

This lab is intentionally practical: it is a deterministic pre-review pass to surface risk concentration before deeper threat modeling.

  • Run a preset profile first to establish a baseline.
  • Change one control at a time and observe score deltas.
  • Export markdown and challenge each recommendation in design review.

Learning resources

Use these as review frameworks; this lab provides fast triage, not full risk quantification.

Security Posture

Adjust inputs to improve your posture. Changes update in real-time.

Live

Posture Score

High-Risk Faultlines

Status

Fill in the form to see your risk profile.

Inputs

Step 1 - System profile
Step 2 - Access & secrets
Step 3 - Operations & change
Step 4 - Notes (optional)

Character count: 0/500

How Faultlines works

  • Rule-based scoring grounded in explicit, inspectable logic.
  • Deterministic: the same inputs always produce the same outputs.
  • Designed to surface likely risk concentrations and next questions.

Key Concepts

STRIDE Threat Model

STRIDE categorizes threats into six types: Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. Faultlines maps your inputs to these categories to identify which threat types your system is most exposed to.

Trust Boundaries

A trust boundary is any point where data or control crosses between zones of different privilege. For example, user input reaching a backend API, or a service calling another with elevated permissions. Threats concentrate at these boundaries because assumptions change.

Scoring Methodology

Each faultline is scored 0–100 based on weighted risk factors: exposure level, control maturity, data sensitivity, and compensating controls. Higher scores indicate greater risk concentration. The posture score aggregates all faultlines into a single readiness measure.

Attack Chains

Attackers rarely exploit a single weakness. Attack chains show how compromising one faultline enables escalation to the next. For example, stolen credentials leading to lateral movement, then data exfiltration. Reducing any link in the chain reduces overall risk.