Secure SDLC Project

Practice your secure Software Development Life Cycle (SDLC) skills as your progress through four exercises. This project focuses on the three phases taught as part of Secure SDLC Learning Path: Secure Design, Secure Build and Secure Validation. In exercise 1, you'll download the Microsoft Threat Modeling Tool to practice a threat modeling approach. Exercise 2 focuses on using static application security testing using VCG (VisualCodeGrepper)​ and explores how to uncover the vulnerabilities in the source code (Java with Spring framework). Exercises 3 and 4 focus on white-box security testing​ and requires both automated tool-based analysis and manual analysis to explore the code in order to confirm the flaws that are possible in the web application.

Get Started

Free training week — 700+ on-demand courses and hands-on labs

Start Learning

Get hands-on secure SDLC experience

Estimated project time: 2 hours, 27 minutes

Project Codebase
File
Project Codebase

Project Codebase

Files you will need to complete the project.
Project Applications
File
Project Applications

Project Applications

Application needed to complete the project.
Project Challenges
File
Project Challenges

Project Challenges

Description of challenges you need to complete as part of this project.
Exercise 1 Walkthrough
Video
Exercise 1 Walkthrough

Exercise 1 Walkthrough

This video walks you through exercise 1, threat modeling approach using Microsoft Threat Modeling Tool.

7 minutes
Exercises 2, 3, 4 Walkthrough
Video
Exercises 2, 3, 4 Walkthrough

Exercises 2, 3, 4 Walkthrough

This video walks you through exercises 2-4: static application security testing (SAST) using codebase and VCG tool, white-box security testing and manual analysis, and white-box security testing with manual analysis.

12 minutes
Project Solutions
File
Project Solutions

Project Solutions

This document contains solutions to the project challenges.

Train on your schedule

Personal
Teams

Infosec Skills subscription

Monthly
Annually

$34 / month

Buy Now 7-Day Free Trial

$299 / year

Buy Now 7-Day Free Trial
  • 80+ role-based learning paths (Ethical Hacking, Threat Hunting, etc.)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (CISSP, Security+, etc.)
  • Skill assessments
  • Infosec peer community support
  • Create custom learning paths from 100s of courses

Infosec Skills boot camp

Request a quote for pricing

 

Request Quote Browse Boot Camps
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Live, instructor-led training (available in-person or online)
  • 90 day extended access to recordings of daily lessons
  • Certification exam voucher
  • Learn by doing with hundreds of additional hands-on courses and labs Infosec Skills Annual

Infosec Skills subscription

Annual

$599 per learner / year

Request Quote Free Team Trial
  • Team administration and reporting
  • Transferable licenses
  • 80+ role-based learning paths (Ethical Hacking, Threat Hunting, etc.)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (CISSP, Security+, etc.)
  • Skill assessments
  • Create and assign custom learning paths
  • Dedicated client success manager

Infosec Skills boot camp

Request a quote for pricing

 

Request Quote Browse Boot Camps
  • Team boot camp administration and reporting
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Knowledge Transfer Guarantee
    If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
  • Certification exam vouchers
  • Live, instructor-led training (available onsite, in-person or online)
  • 90 days extended access to recordings of daily lessons
  • Build your team's skills with hundreds of additional hands-on courses and labs

Exceptional learning experiences powered by LX Labs cyber expertise

Infosec Skills courses and labs are powered by LX Labs — our elite team of cyber SMEs, learning specialists and community of top-ranked security instructors, published authors and sought-after industry leaders. We rigorously vet all Infosec Skills training resources to guarantee they meet certification and compliance requirements and align with recognized guidelines like the NICE Cybersecurity Workforce Framework.

Meet LX Labs
LX Labs