Answers for the TryHackMe SSDLC Room

The TryHackMe Secure Software Development Lifecycle (S-SDLC) is a free room from TryHackMe available at

As this room is purely theory, we will only be presenting the questions and answers

Task 1: Introduction

Question 1

No answer needed

Task 2: What is SSDLC?

Question 1: How much more does it cost to identify vulnerabilities during the testing phase?


Task 3: Implementing SSDLC

Question 1: What should you understand before implementing Secure SDLC processes?

Security Posture

Question 2: During which stages should you perform a Risk Assessment?

Planning and Requirements

Question 3: What should be carried out during the design phase?

Threat Modelling

Task 4: Risk Assessment

Question 1: What is a formula to assign a Qualitative Risk level?

Severity x Likelihood

Question 2: Which type of Risk Assessment assigns numerical values to determine risk?

Quantitative Risk Assessment

Task 5: Threat Modelling

Question 1: What threat modelling methodology assigns a rating system based on risk probability?


Question 2: What threat modelling methodology is built upon the CIA triad?


Question 3: What threat modelling methodology helps align technical requirements with business objectives?


Task 6: Secure Coding

Question 1: Is it recommended to use SAST analysis at the beginning of the SDLC? (y/n)


Question 2: Which type of code analysis uses the black-box method?


Question 3: Which type of code analysis uses the white-box method?


Task 7: Security Assessments

Question 1: Which form of assessment is more budget-friendly and takes less time?

Vulnerability Assessment

Question 2: Which type of assessment identifies vulnerabilities and attempts to exploit them?

Penetration Testing

Question 3: When do you typically carry out Vulnerability Assessments or Pentests?

Operations & Maintenance

Task 8: SSDLC Methodologies

Question 1: What methodology follows a set of mandatory procedures embedded in the SDLC?

Microsoft SDL

Question 2: What Maturity Model helps you measure tailored risks facing your organisation?


Question 3: What maturity model acts as a measuring stick to determine your security posture?


Task 9: Secure Space Lifecycle

Answers to the rocket game:

  • Risk Management
  • Threat Modeling
  • SAST
  • DAST
  • Code Review
  • Secure Config
  • Security Assessment

And the flag is: