Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


As part of the SDL, what security activity should be prioritized during the testing phase of a newly developed application?

  1. Grey box penetration testing.

  2. Static code review.

  3. Dynamic analysis.

  4. Threat modeling.

The correct answer is: Grey box penetration testing.

Prioritizing grey box penetration testing during the testing phase of a newly developed application is particularly effective because it combines internal knowledge of the application with the perspective of an external threat actor. In the testing phase the application is typically in a more or less complete state, making it a critical time to evaluate its security posture. Grey box penetration testing gives testers partial access to the internal workings (such as source code or architecture documentation) while still simulating an external attacker's approach, which reveals how the application would hold up against malicious attempts. This method can uncover vulnerabilities that are not evident through static reviews or purely external testing. By using this approach, teams can identify and fix design flaws, logic errors, and security gaps before the application goes live, significantly improving overall security.

Other activities such as static code review and dynamic analysis are also crucial, but they often occur in earlier phases or as part of ongoing processes. Grey box testing prioritizes actionable, real-world insights that can directly influence the effectiveness of the application's security before its release.