Memory cue
Last-day cue
A.8.28 = apply secure coding principles. A.8.29 = define and run security testing through development and acceptance.
What the exam is likely testing
| Control | Exam cue |
|---|---|
| A.8.28 | Standards must fit coding language/context and be applied by developers |
| A.8.29 | Security testing must be planned, risk-based, recorded, remediated, retested, and used for acceptance |
Common wrong answers
- Treating secure SDLC as identical to secure coding.
- Treating automated tools as complete proof of secure coding.
- Treating functional testing as security testing.
- Leaving security tests until final go-live.
- Accepting unresolved findings without formal risk acceptance.
Related notes
- Iso27001
- Exam
- Secure coding
- Security testing
Note Metadata
Aliases: EXAM-039
Source: 09-Exam-Preparation/EXAM-039-Secure-Coding-and-Security-Testing.md