UnixTime

Research Note

EXAM-039 - Secure Coding and Security Testing

- Treating secure SDLC as identical to secure coding. - Treating automated tools as complete proof of secure coding. - Treating functional testing as security testing. - Leaving...

On this page

Memory cue

Last-day cue

A.8.28 = apply secure coding principles. A.8.29 = define and run security testing through development and acceptance.

What the exam is likely testing

Control Exam cue
A.8.28 Standards must fit coding language/context and be applied by developers
A.8.29 Security testing must be planned, risk-based, recorded, remediated, retested, and used for acceptance

Common wrong answers

  • Treating secure SDLC as identical to secure coding.
  • Treating automated tools as complete proof of secure coding.
  • Treating functional testing as security testing.
  • Leaving security tests until final go-live.
  • Accepting unresolved findings without formal risk acceptance.