The TryHackMe Secure Software Development Lifecycle (S-SDLC) is a free room from TryHackMe available at https://tryhackme.com/room/securesdlc
As this room is purely theory, we will only be presenting the questions and their answers.
Task 1: Introduction
No answer needed
Task 2: What is SSDLC?
Question 1: How much more does it cost to identify vulnerabilities during the testing phase?
Task 3: Implementing SSDLC
Question 1: What should you understand before implementing Secure SDLC processes?
Question 2: During which stages should you perform a Risk Assessment?
Planning and Requirements
Question 3: What should be carried out during the design phase?
Task 4: Risk Assessment
Question 1: What is a formula to assign a Qualitative Risk level?
Severity x Likelihood
Question 2: Which type of Risk Assessment assigns numerical values to determine risk?
Quantitative Risk Assessment
Task 5: Threat Modelling
Question 1: What threat modelling methodology assigns a rating system based on risk probability?
Question 2: What threat modelling methodology is built upon the CIA triad?
Question 3: What threat modelling methodology helps align technical requirements with business objectives?
Task 6: Secure Coding
Question 1: Is it recommended to use SAST analysis at the beginning of the SDLC? (y/n)
Question 2: Which type of code analysis uses the black-box method?
Question 3: Which type of code analysis uses the white-box method?
Task 7: Security Assessments
Question 1: Which form of assessment is more budget-friendly and takes less time?
Question 2: Which type of assessment identifies vulnerabilities and attempts to exploit them?
Question 3: When do you typically carry out Vulnerability Assessments or Pentests?
Operations & Maintenance
Task 8: SSDLC Methodologies
Question 1: What methodology follows a set of mandatory procedures embedded in the SDLC?
Question 2: What Maturity Model helps you measure tailored risks facing your organisation?
Question 3: What maturity model acts as a measuring stick to determine your security posture?
Task 9: Secure Space Lifecycle
Answers to the rocket game:
- Risk Management
- Threat Modeling
- Code Review
- Secure Config
- Security Assessment
And the flag is: