Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

07) Does your organisation conduct appropriate security testing as part of your development lifecycle?

August 30, 2022
Small Framework

Answer yes if your organisation performs security testing of all applications & systems during the build process. Please describe the security testing performed which could include, but is not limited to Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Infrastructure security testing.

Including security testing as part of your development lifecycle helps to ensure you identify and address security concerns early before they become live vulnerabilities. Identifying issues early in the process makes it much easier to remediate and prevent systemic issues in future.

How to implement the control

The UK National Cyber Security Centre (NCSC) has produced some useful guidance on implementing security testing within your software development workflows.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.