nerdexam
(ISC)2

CISSP · Question #1306

What is the overall goal of software security testing?

The correct answer is C. Reducing vulnerabilities within a software system. Software security testing is a discipline focused on identifying and reducing vulnerabilities that could be exploited by attackers. The primary goal is to harden a system by uncovering and remediating weaknesses before they can be leveraged.

Submitted by yuriko_h· Mar 5, 2026Software Development Security

Question

What is the overall goal of software security testing?

Options

  • AIdentifying the key security features of the software
  • BEnsuring all software functions perform as specified
  • CReducing vulnerabilities within a software system
  • DMaking software development more agile

How the community answered

(40 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    90% (36)
  • D
    5% (2)

Why each option

Software security testing is a discipline focused on identifying and reducing vulnerabilities that could be exploited by attackers. The primary goal is to harden a system by uncovering and remediating weaknesses before they can be leveraged.

AIdentifying the key security features of the software

Identifying key security features describes a requirements or design analysis activity, not the primary goal of security testing, which focuses on finding weaknesses rather than cataloging existing protections.

BEnsuring all software functions perform as specified

Ensuring all software functions perform as specified describes functional or acceptance testing, not security testing, which is specifically concerned with how software behaves under adversarial or unexpected conditions.

CReducing vulnerabilities within a software systemCorrect

The overarching goal of software security testing is to reduce vulnerabilities within a software system by systematically identifying flaws such as injection weaknesses, authentication bypasses, or insecure configurations. By finding and remediating these vulnerabilities, security testing lowers the risk of exploitation and improves the overall security posture of the application. This distinguishes it from functional testing, which verifies behavior, rather than proactively hardening the system against attack.

DMaking software development more agile

Making software development more agile describes a process methodology goal (e.g., Agile or DevSecOps adoption) and is unrelated to the technical objective of security testing itself.

Concept tested: Primary objective of software security testing

Source: https://owasp.org/www-project-web-security-testing-guide/

Topics

#software security testing#vulnerability reduction#SDLC security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice