A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing.
The marketing team schedules a launch party to present the new application to the client base in two weeks.
Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing.
The development team did not plan to remediate these vulnerabilities during development.
Which of the following SDLC best practices should the development team have followed?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The software development team should have followed the best practice of "Verifying system design documentation" during the SDLC (Software Development Life Cycle).
Explanation: Verifying system design documentation involves reviewing the system design documents to ensure that the requirements have been met, and all potential security risks have been addressed. It involves checking that the design of the system is robust, secure, and can withstand potential threats.
In this case, the development team did not plan to remediate the vulnerabilities during development, which indicates that they did not conduct a proper review of the system design documentation. They failed to identify potential vulnerabilities that could be exploited, leading to the exposure of the database used by manufacturing.
Implementing regression testing and completing user acceptance testing are also important best practices during the SDLC. Regression testing involves retesting the application to ensure that new changes do not break existing features. User acceptance testing is carried out to verify that the system meets the requirements of the client. However, these practices do not specifically address the issue of security vulnerabilities.
Using a Security Requirements Traceability Matrix (SRTM) is a tool that tracks the security requirements throughout the SDLC. It helps ensure that the system meets the security standards and requirements set by the organization. However, it is not a best practice for identifying and addressing security vulnerabilities during the development phase.
Therefore, the best practice that the development team should have followed during the SDLC is "Verifying system design documentation." This would have helped identify potential security vulnerabilities during the development phase, preventing the exposure of the database used by manufacturing.