nerdexam
(ISC)2

CISSP · Question #856

Which methodology is recommended for penetration testing to be effective in the development phase of the life-cycle process?

The correct answer is A. White-box testing. White-Box Testing in the Development Phase White-box testing is the recommended methodology because testers have full access to the source code, architecture, and internal workings of the application, making it ideal during development when this information is readily available a

Submitted by obi.ng· Mar 5, 2026Software Development Security

Question

Which methodology is recommended for penetration testing to be effective in the development phase of the life-cycle process?

Options

  • AWhite-box testing
  • BSoftware fuzz testing
  • CBlack-box testing
  • DVisual testing

How the community answered

(49 responses)
  • A
    88% (43)
  • B
    8% (4)
  • C
    2% (1)
  • D
    2% (1)

Explanation

White-Box Testing in the Development Phase

White-box testing is the recommended methodology because testers have full access to the source code, architecture, and internal workings of the application, making it ideal during development when this information is readily available and vulnerabilities can be identified and remediated early in the lifecycle. Black-box testing (C) simulates an external attacker with no internal knowledge, making it better suited for post-development or production environments rather than the development phase itself. Software fuzz testing (B) involves sending random, malformed inputs to find crashes or unexpected behavior, but it is a specific technique rather than a comprehensive penetration testing methodology for the development phase. Visual testing (D) refers to checking the UI/visual appearance of an application and has no meaningful role in penetration testing methodology.

Memory Tip: Think "White = Inside" - white-box gives you the white walls (interior) of the application, just like developers see it. Development phase = developer perspective = white-box testing.

Topics

#Penetration testing#White-box testing#Secure SDLC#Development phase

Community Discussion

No community discussion yet for this question.

Full CISSP Practice