Secure SDLC Project

Practice your secure SDLC skills with this project.

2 hours, 29 minutes

Project Description

This project focuses on the three phases taught as part of Secure SDLC Learning Path: Secure Design, Secure Build and Secure Validation. In exercise 1, you'll download the Microsoft Threat Modeling Tool to practice a threat modeling approach. Exercise 2 focuses on using static application security testing using VCG (VisualCodeGrepper)​ and explores how to uncover the vulnerabilities in the source code (Java with Spring framework). Exercises 3 and 4 focus on white-box security testing​ and requires both automated tool-based analysis and manual analysis to explore the code in order to confirm the flaws that are possible in the web application.


Project Applications


Application needed to complete the project.
Project Solutions

File - 00:10:00

This document contains solutions to the project challenges.
Project Challenges

File - 02:00:00

Description of challenges you need to complete as part of this project.
Project Codebase


Files you will need to complete the project.
Exercises 2, 3, 4 Walkthrough

Video - 00:12:00

This video walks you through exercises 2-4: static application security testing (SAST) using codebase and VCG tool, white-box security testing and manual analysis, and white-box security testing with manual analysis.
Exercise 1 Walkthrough

Video - 00:07:00

This video walks you through exercise 1, threat modeling approach using Microsoft Threat Modeling Tool.

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments