Which secure software design principle assumes attackers have the source code and specifications of the product?
Features have been developed and fully tested, the production environment has been created, and leadership has approved the release of the new product. Technicians have scheduled a time and date to make the product available to customers.
Which phase of the software development lifecycle (SDLC) is being described?
In which step of the PASTA threat modeling methodology is vulnerability and exploit analysis performed?
The security team has received notice of an insecure direct object reference vulnerability in a third-party component library that could result in remote code execution. The component library was replaced and is no longer being used within the application.
How should the organization remediate this vulnerability?
What is a countermeasure to the web application security frame (ASF) authentication threat category?
The security team is reviewing whether changes or open issues exist that would affect requirements for handling personal information documented in earlier phases of the development life cycle.
Which activity of the Ship SDL phase is being performed?
Which software-testing technique can be automated or semi-automated and provides invalid, unexpected, or random data to the inputs of a computer software program?
Which privacy impact statement requirement type defines processes to keep personal information updated and accurate?