A company's application development has been outsourced to a third-party development team. Based on the SLA, the development team must follow industry best practices for secure coding. Which of the following is the BEST way to verify this agreement?
Security regression testing is a type of testing that is designed to ensure that changes to an application or system do not introduce new security vulnerabilities. It involves rerunning security tests that were previously performed on the application or system to verify that the security controls are still effective and that no new vulnerabilities have been introduced.
Here are my thoughts:
A. Input validation is just one of many secure coding practices.
B. Security regression happens AFTER a change has been made to test the app's function.
C. Application fuzzing automates the discovery of security and coding mistakes.
D. User acceptance is more about functionality and fit for purpose.
E. Stress testing won't necessarily test for secure coding.
I'll go with C.
"Threat actors use fuzzing to find zero-day exploits – this is known as a fuzzing attack. Security professionals, on the other hand, leverage fuzzing techniques to assess the security and stability of applications."
https://brightsec.com/blog/fuzzing/
Security regression testing is designed to ensure that new code or updates do not introduce new vulnerabilities and that existing security features remain effective. This type of testing helps verify that the development team is adhering to secure coding practices, as outlined in the SLA, by checking for security flaws consistently throughout the development process.
B. Security regression testing
Explanation:
Security regression testing involves systematically retesting a software application to ensure that new code changes have not introduced security vulnerabilities or weaknesses. This type of testing helps identify any unintended security issues that may arise as a result of modifications to the code.
B. Security regression testing
Security regression testing involves systematically retesting a software application to ensure that any recent changes or updates have not introduced new security vulnerabilities or negatively impacted existing security measures.
Got to go with C for this one.
At the end of the day, while it's an awkwardly worded question, user acceptance testing is not a code review technique. Security regression testing is out since this is a new application, not one having changes made; input validation is too specific; and stress testing is just irrelevant to the question.
Security regression testing is a type of testing that is performed to ensure that changes to an application do not introduce new security vulnerabilities. This is done by re-testing the application for security vulnerabilities after each change is made.
The company started the code with industry best practices for secure coding in mind and it's outsourcing it, wanting to make sure the third party follows the original secure coding practices and nothing is changed on security, just work on the code and finish it, because the original company doesn't have the time to do the trivial work that takes a long time. They will ensure you the best practices and you follow their steps and they make sure you didn't change anything, so the original company should do B. Security regression testing
The best way to verify if the third-party development team is following industry best practices for secure coding, based on the SLA, would be to conduct security regression testing (option B).
Security regression testing involves retesting the application to ensure that any security vulnerabilities or weaknesses that were previously identified have been resolved and that new vulnerabilities have not been introduced during the development process. It helps to verify that the secure coding practices and measures are being implemented effectively.
I'm choosing C. User acceptance doesn't have anything to do with the SLA and best code practice; this is "testing the application by its intended audience". Option B, security regression, you do it after you patch it, to make sure there are no vulnerabilities and everything has been solved (last step), and input validation is not even an option.
Tough: security regression if they are making changes to the application, and fuzzing if it's the first version of the application. I can't tell what the question is asking for, unfortunately.
The best way to verify that the third-party development team is following industry best practices for secure coding is to conduct security regression testing. This type of testing involves retesting a previously tested application after modifying or updating it to ensure that the changes have not introduced any new vulnerabilities or security issues. By conducting security regression testing, the company can verify that the development team is following industry best practices for secure coding and that the application is secure. Other testing methods, such as input validation, application fuzzing, user acceptance testing, and stress testing, may also be useful in ensuring the security of the application, but are not specifically focused on verifying that the development team is following industry best practices for secure coding.
Answer is C
The question states that according to the SLA, the 3rd party must comply with industry standard rules, so after that we can forget about the SLA itself; industry standard is across the board for everyone. If it had stated specifically in the SLA that the company requires x, y, z, then you could consider user acceptance testing.
"What Is Fuzzing? Fuzzing or fuzz testing is a dynamic application security testing technique for negative testing. Fuzzing aims to detect known, unknown, and zero-day vulnerabilities."
On the topic of "secure" coding, fuzzing would be directly related to that,
whilst user acceptance testing doesn't necessarily have anything to do with coding.
User Acceptance Testing (UAT) is a type of testing performed by the end user or the client to verify/accept the software system before moving the software application to the production environment. UAT is done in the final phase of testing after functional, integration and system testing is done.
You can even go so far as to do the user acceptance testing, but that won't prove that the code is secure. The application can run just as intended and somewhere down the line, all hell breaks loose.
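The two techniques the thread weighs, security regression testing and fuzzing, as an added Python example (not code from the thread or from ExamTopics). The sanitizer, its revised version, the baseline cases and the seed inputs are all constructed for illustration: the baseline rerun catches the dropped check in the revision, and the fuzzer checks the same invariant on inputs nobody wrote down.

```python
import random
import re

# Constructed control under test (not code from the page): a filename sanitizer
# that must never let a path separator or a dot-only name through.
def sanitize_filename_v1(name: str) -> str:
    name = name.replace("\\", "/").split("/")[-1]  # keep only the last path element
    if name in ("", ".", ".."):
        raise ValueError("invalid filename")
    return re.sub(r"[^A-Za-z0-9._-]", "_", name)[:64]

# Later revision that dropped the dot-only check (what regression testing exists to catch).
def sanitize_filename_v2(name: str) -> str:
    return re.sub(r"[^A-Za-z0-9._-]", "_", name.replace("\\", "/").split("/")[-1])[:64]

# Baseline security cases recorded when the control was first verified;
# an expected value of None means "must be rejected".
SECURITY_BASELINE = [("report.pdf", "report.pdf"), ("../../etc/passwd", "passwd"),
                     ("..", None), ("", None), ("a b;rm -rf *.txt", "a_b_rm_-rf__.txt")]

def security_regression(fn, baseline=SECURITY_BASELINE):
    """Rerun every baseline case against fn; return the cases that no longer hold."""
    failures = []
    for raw, expected in baseline:
        try:
            got = fn(raw)
        except ValueError:
            got = None
        if got != expected:
            failures.append((raw, expected, got))
    return failures

def fuzz(fn, seeds=("report.pdf", "../x"), rounds=2000, rng_seed=1):
    """Mutation fuzzer: perturb seed inputs and return any whose output breaks the invariant."""
    rng, bad = random.Random(rng_seed), []
    for _ in range(rounds):
        chars = list(rng.choice(seeds))
        for _ in range(rng.randint(1, 4)):  # a few random inserts/deletes
            pos = rng.randint(0, len(chars))
            if rng.random() < 0.5:
                chars.insert(pos, rng.choice("./\\a1 ;%\x00"))
            elif chars:
                del chars[min(pos, len(chars) - 1)]
        try:
            out = fn("".join(chars))
        except ValueError:
            continue  # rejecting an input is an acceptable outcome
        if out in ("", ".", "..") or "/" in out or "\\" in out:  # invariant broken
            bad.append("".join(chars))
    return bad
```

Run `security_regression(sanitize_filename_v2)` to see the two baseline cases the revision now gets wrong; `fuzz(sanitize_filename_v1)` comes back empty while `fuzz(sanitize_filename_v2)` returns mutated inputs that reach an empty or dot-only name.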