Project

Secure SDLC Project

Practice your secure SDLC skills with this project.

2 hours, 28 minutes

Start Free Trial

Project description

This project focuses on the three phases taught as part of Secure SDLC Learning Path: Secure Design, Secure Build and Secure Validation. In exercise 1, you’ll download the Microsoft Threat Modeling Tool to practice a threat modeling approach. Exercise 2 focuses on using static application security testing using VCG (VisualCodeGrepper)​ and explores how to uncover the vulnerabilities in the source code (Java with Spring framework). Exercises 3 and 4 focus on white-box security testing​ and requires both automated tool-based analysis and manual analysis to explore the code in order to confirm the flaws that are possible in the web application.

Contents

Project Codebase

File — 00:00:00

Files you will need to complete the project.

Project Applications

File — 00:00:00

Application needed to complete the project.

Project Challenges

File — 02:00:00

Description of challenges you need to complete as part of this project.

Exercise 1 Walkthrough

Video — 00:06:42

This video walks you through exercise 1, threat modeling approach using Microsoft Threat Modeling Tool.

Exercises 2, 3, 4 Walkthrough

Video — 00:11:57

This video walks you through exercises 2-4: static application security testing (SAST) using codebase and VCG tool, white-box security testing and manual analysis, and white-box security testing with manual analysis.

Project Solutions

File — 00:10:00

This document contains solutions to the project challenges.

Plans & pricing

  • Infosec Skills Personal

    $299 / year
    Buy Now 7-Day Free Trial
    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support

  • Infosec Skills Teams

    $799 per license / year
    Book a Meeting
    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments
Start Free Trial