SSDLC is a short, mostly informational room, so only the solutions are provided here, in case you get stuck.
How much more does it cost to identify vulnerabilities during the testing phase?
What should you understand before implementing Secure SDLC processes?
During which stages should you perform a Risk Assessment?
Planning and Requirements
What should be carried out during the design phase?
What is a formula to assign a Qualitative Risk level?
Severity x Likelihood
Which type of Risk Assessment assigns numerical values to determine risk?
Quantitative Risk Assessment
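The two answers above are easy to remember but easy to mix up in practice, so here is an added example (my own code, not part of the room) that puts both side by side: a qualitative score computed as Severity x Likelihood on a 1-5 scale and bucketed into a risk level, and a quantitative figure expressed as an annualised loss expectancy. The 1-5 scale, the Low/Medium/High/Critical thresholds and the use of asset value, exposure factor and annual rate of occurrence are my assumptions; the room only states the Severity x Likelihood formula and that quantitative assessments use numerical values.

```python
"""Qualitative vs quantitative risk scoring, as an illustration of the
Severity x Likelihood formula. Scale, thresholds and ALE inputs are the
author's assumptions, not values from the TryHackMe room."""

from dataclasses import dataclass

# Assumed five-point ordinal scale used for both severity and likelihood.
SCALE = {"very low": 1, "low": 2, "medium": 3, "high": 4, "very high": 5}


def qualitative_risk(severity: str, likelihood: str) -> tuple[int, str]:
    """Return (score, level) where score = Severity x Likelihood.

    The thresholds below are an assumed risk matrix: scores run 1..25,
    and are bucketed into four levels so that a "very high" likelihood
    paired with at least "medium" severity lands in Critical.
    """
    score = SCALE[severity.lower()] * SCALE[likelihood.lower()]
    if score >= 15:
        level = "Critical"
    elif score >= 8:
        level = "High"
    elif score >= 4:
        level = "Medium"
    else:
        level = "Low"
    return score, level


def annualised_loss_expectancy(asset_value: float,
                               exposure_factor: float,
                               annual_rate_of_occurrence: float) -> float:
    """Quantitative figure: ALE = SLE x ARO, with SLE = asset value x EF.

    exposure_factor is the fraction of the asset's value lost per incident
    (0.0..1.0); annual_rate_of_occurrence is expected incidents per year.
    """
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure_factor must be between 0 and 1")
    single_loss_expectancy = asset_value * exposure_factor
    return single_loss_expectancy * annual_rate_of_occurrence


@dataclass
class Risk:
    name: str
    severity: str
    likelihood: str


def rank_risks(risks: list[Risk]) -> list[tuple[str, int, str]]:
    """Order risks by qualitative score, highest first, as a triage list."""
    scored = [(r.name, *qualitative_risk(r.severity, r.likelihood)) for r in risks]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample register, purely illustrative.
SAMPLE_REGISTER = [
    Risk("SQL injection in login form", "High", "Very High"),
    Risk("Verbose error pages", "Low", "Low"),
    Risk("Outdated TLS ciphers", "Medium", "Medium"),
    Risk("Typo in help text", "Very Low", "Low"),
]

if __name__ == "__main__":
    for name, score, level in rank_risks(SAMPLE_REGISTER):
        print(f"{score:>2}  {level:<8}  {name}")
    print("ALE:", annualised_loss_expectancy(100_000, 0.25, 0.5))
```

Running the block prints the sample register sorted from Critical down to Low, followed by the ALE for the assumed inputs; swap in your own register to see how the same Severity x Likelihood rule drives a triage order.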
What threat modelling methodology assigns a rating system based on risk probability?
What threat modelling methodology is built upon the CIA triad?
What threat modelling methodology helps align technical requirements with business objectives?
Is it recommended to use SAST analysis at the beginning of the SDLC? (y/n)
Which type of code analysis uses the black-box method?
Which type of code analysis uses the white-box method?
Which form of assessment is more budget-friendly and takes less time?
Which type of assessment identifies vulnerabilities and attempts to exploit them?
When do you typically carry out Vulnerability Assessments or Pentests?
Operations & Maintenance
What methodology follows a set of mandatory procedures embedded in the SDLC?
What Maturity Model helps you measure tailored risks facing your organisation?
What maturity model acts as a measuring stick to determine your security posture?
Now to the rocket game; here is the list of answers:
- Risk Management
- Threat Modeling
- Code Review
- Secure Config
- Security Assessment
Entering these should give you the flag.
What is the flag?
And that's all for this SSDLC room.