
07) Does your organisation conduct appropriate security testing as part of your development lifecycle?

August 31, 2022

Answer yes if your organisation performs security testing of all applications and systems during the build process. Please describe the security testing performed, which could include, but is not limited to, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and infrastructure security testing.

Including security testing as part of your development lifecycle helps to ensure you identify and address security concerns early, before they become live vulnerabilities. Identifying issues early in the process makes them much easier to remediate and helps prevent systemic issues in future.

How to implement the control:

The UK National Cyber Security Centre (NCSC) has produced some useful guidance on implementing security testing within your software development workflows.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
