SSDLC Solutions

SSDLC is a very simple and informational room, so only Solutions will be provided in case you got stuck.

How much more does it cost to identify vulnerabilities during the testing phase?

15

What should you understand before implementing Secure SDLC processes?

security posture

During which stages should you perform a Risk Assessment?

planning and requirements

What should be carried out during the design phase?

Threat Modelling

What is a formula to assign a Qualitative Risk level?

Severity x Likelihood

Which type of Risk Assessment assigns numerical values to determine risk?

Quantitative Risk Assessment

What threat modelling methodology assigns a rating system based on risk probability?

dread

What threat modelling methodology is built upon the CIA triad?

stride

What threat modelling methodology helps align technical requirements with business objectives?

pasta

 Is it recommended to use SAST analysis at the beginning of the SDLC? (y/n)

y

Which type of code analysis uses the black-box method?

dast

Which type of code analysis uses the white-box method?

sast

Which form of assessment is more budget-friendly and takes less time?

Vulnerability Assessment

Which type of assessment identifies vulnerabilities and attempts to exploit them?

Penetration testing

When do you typically carry out Vulnerability Assessments or Pentests?

Operations &  Maintenance 

What methodology follows a set of mandatory procedures embedded in the SDLC?

Microsoft SDL

What Maturity Model helps you measure tailored risks facing your organisation?

SAMM

What maturity model acts as a measuring stick to determine your security posture?

BSIMM

Now to the rocket game, here’s is a list of the answers:

1. Risk Management
2. Threat Modeling
3. SAST
4. DAST
5. Code Review
6. Secure Config
7. Security Assessment

And you should get the flag

What is the flag?

THM{D0-A-Barr3l-R011}

and that’s all for this SSDLC Room.