Security testers have completed testing and are documenting the results of vulnerability scans and penetration analysis. They are also creating documentation to share with the organization's largest customers.
Which deliverable is being prepared?
Which secure coding best practice says to ensure that buffers are allocated correctly and at the right size, that input strings are truncated to a reasonable length, and that resources, connections, objects, and file handles are destroyed once the application no longer needs them?
The security software team has cloned the source code repository of the new software product so they can perform vulnerability testing by modifying or adding small snippets of code to see if they can cause unexpected behavior and application failure.
Which security testing technique is being used?
The scrum team decided that before any change can be merged and tested, it must be looked at by the team's lead developer, who will ensure accepted coding patterns are being followed and that the code meets the team's quality standards.
Which category of secure software best practices is the team performing?
The security team contracts with an independent security consulting firm to simulate attacks on deployed products and report results to organizational leadership.
Which category of secure software best practices is the team performing?
The product security incident response team (PSIRT) has decided to make a formal public disclosure, including base and temporal common vulnerability scoring system (CVSS) scores and a common vulnerabilities and exposures (CVE) ID report, of an externally discovered vulnerability.
What is the most likely reason for making a public disclosure?
In which step of the PASTA threat modeling methodology will the team capture infrastructure, application, and software dependencies?
What is a countermeasure to the web application security frame (ASF) data validation/parameter validation threat category?