Security testing (for example, static testing, dynamic testing, fuzz testing, penetration testing) is performed for in-house-developed and in-house-tailored applications periodically and according to defined triggers, such as system changes and external events.
Context and Guidance: Software security testing provides verification and validation that the software behaves as expected, both under normal operating conditions and when given malformed or hostile input, and that it does not contain control weaknesses or vulnerabilities that could pose additional risk to the organisation. The techniques listed above complement one another: static testing examines source code or binaries without executing them, dynamic testing and penetration testing exercise the running application, and fuzz testing drives it with large volumes of generated or mutated input to surface crashes and unhandled conditions. Security testing should be a consideration in each phase of the software development lifecycle, including requirements definition, design, development, testing, and maintenance, with findings tracked to remediation and re-tested when the defined triggers recur.
Related Practices
• Progression: This practice is part of multiple practice progressions. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity.
• The practices in the first progression include: ARCHITECTURE-4a, ARCHITECTURE-4d, ARCHITECTURE-4f, ARCHITECTURE-4h, ARCHITECTURE-5h.
• The practices in the second progression include: ARCHITECTURE-4b, ARCHITECTURE-4e, ARCHITECTURE-4g, ARCHITECTURE-4h, ARCHITECTURE-5h.