nerdexam
Isaca

CDPSE · Question #177

Which of the following is the BEST way to ensure that application hardening is included throughout the software development life cycle (SDLC)?

The correct answer is B. Include qualified application security personnel as part of the process.. Embedding qualified application security professionals (e.g., security engineers, AppSec specialists) directly into SDLC teams ensures that security hardening practices-threat modeling, secure coding reviews, dependency analysis, configuration hardening-are applied continuously a

Privacy Architecture

Question

Which of the following is the BEST way to ensure that application hardening is included throughout the software development life cycle (SDLC)?

Options

  • ARequire an annual internal audit of SDLC processes.
  • BInclude qualified application security personnel as part of the process.
  • CEnsure comprehensive application security testing immediately prior to release.
  • DRequire an annual third-party audit of new client software solutions.

How the community answered

(33 responses)
  • A
    9% (3)
  • B
    82% (27)
  • C
    6% (2)
  • D
    3% (1)

Explanation

Embedding qualified application security professionals (e.g., security engineers, AppSec specialists) directly into SDLC teams ensures that security hardening practices-threat modeling, secure coding reviews, dependency analysis, configuration hardening-are applied continuously at every phase from design through deployment. This is the DevSecOps model. Annual internal audits (A) and annual third-party audits (D) are periodic and retrospective, missing issues introduced between audit cycles. Comprehensive security testing immediately before release (C) is a late-stage gate that finds issues too late to fix cheaply, and it does not cover earlier SDLC phases where hardening decisions are made.

Topics

#Secure SDLC#Application Security#Security by Design#Shift Left Security

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice