Security testing processes should be defined and implemented in the development life cycle.
Security testing in development and acceptance is a process that helps identify and mitigate security vulnerabilities in software applications before they are deployed. This type of testing is typically done during the development and acceptance phases of the software development life cycle (SDLC).
Security testing during the development phase includes a variety of techniques such as code reviews, penetration testing, and fuzz testing. These techniques help to identify and fix security vulnerabilities in the code before it is deployed.
Acceptance testing is the final stage of testing before the software is released to the customer. It verifies that the software meets the specified acceptance criteria and that it is free of known security vulnerabilities. This can include functional testing, performance testing, and security testing.
The goal of security testing during development and acceptance is to ensure that the software is free of known security vulnerabilities and that it meets the security requirements before it is deployed. By identifying and mitigating security vulnerabilities early in the SDLC, the cost of fixing them later on can be reduced or avoided.
It also helps organisations comply with industry standards and regulations such as PCI-DSS, HIPAA, SOC2 etc.
If you would like to know more about ISO Standards, Certification and the value a good management system can add to your business, we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk