Secure SDLC Project


  • Project Challenges File — 02:00:00
    • Description of challenges you need to complete as part of this project.

  • Project Solutions File — 00:10:00
    • This document contains solutions to the project challenges.

  • Exercise 1 Walkthrough Video — 00:06:42
    • This video walks you through exercise 1, a threat modeling approach using the Microsoft Threat Modeling Tool.

  • Project Codebase File — 00:00:00
    • Files you will need to complete the project.

  • Project Applications File — 00:00:00
    • Application needed to complete the project.

  • Exercises 2, 3, 4 Walkthrough Video — 00:11:57
    • This video walks you through exercises 2-4: static application security testing (SAST) using codebase and VCG tool, white-box security testing and manual analysis, and white-box security testing with manual analysis.


Project description

This project focuses on the three phases taught as part of the Secure SDLC Learning Path: Secure Design, Secure Build and Secure Validation. In exercise 1, you’ll download the Microsoft Threat Modeling Tool to practice a threat modeling approach. Exercise 2 focuses on static application security testing using VCG (VisualCodeGrepper) and explores how to uncover the vulnerabilities in the source code (Java with Spring framework). Exercises 3 and 4 focus on white-box security testing and require both automated tool-based analysis and manual analysis to explore the code in order to confirm the flaws that are possible in the web application.
