ISM-0402

Applications are comprehensively tested for vulnerabilities, using static application security testing and dynamic application security testing, prior to their initial release and any subsequent releases.

Topic: Application security testing
Applicable to: all

Priority: should

History
Jun 2024
Control: Applications are comprehensively tested for vulnerabilities, using static application security testing and dynamic application security testing, prior to their initial release and any subsequent releases.
Change: Minor grammar edits were made to controls without changing their intent.

Sep 2023
Control: Applications are comprehensively tested for vulnerabilities, using both static application security testing and dynamic application security testing, prior to their initial release and any subsequent releases.
Change: References to ‘security vulnerabilities’ were replaced with ‘vulnerabilities’.

Mar 2023
Control: Applications are comprehensively tested for security vulnerabilities, using both static application security testing and dynamic application security testing, prior to their initial release and any subsequent releases.
Change: An existing control relating to applications being ‘robustly tested for security vulnerabilities’ was amended to ‘comprehensively tested for security vulnerabilities, using both static application security testing and dynamic application security testing,’ to clarify the intent of the control as reflected in its associated rationale.

Mar 2022
Control: Applications are robustly tested for security vulnerabilities by software developers, as well as independent parties, prior to their initial release and following any maintenance activities.
Change: In addition to ensuring applications are robustly tested for security vulnerabilities prior to their initial release, they should also be robustly tested for security vulnerabilities following any maintenance activities. Subsequently, any security vulnerabilities that are identified should be remedied.

2017
Control: Software should be tested for security vulnerabilities by an independent party as well as the software developer before it is used in a production environment.
Change: Control text changed. No public explanation.

2015
Control: Software should be tested for vulnerabilities by an independent party as well as the software developer before it is used in a production environment.

2010
Control: Software should be reviewed or tested for vulnerabilities before it is used in a production environment.

2008
Control: Software should be reviewed and/or tested for vulnerabilities before it is used in a production environment.