CompTIA CySA+ (CS0-002) — Question 408

A company's application development has been outsourced to a third-party development team. Based on the SLA, the development team must follow industry best practices for secure coding. Which of the following is the BEST way to verify this agreement?

Answer options

• A. Input validation
• B. Security regression testing
• C. Application fuzzing
• D. User acceptance testing
• E. Stress testing

Correct answer: C

Explanation

Application fuzzing is the most effective method for verifying adherence to secure coding practices because it involves testing the application with random or unexpected inputs to identify vulnerabilities. Input validation, security regression testing, user acceptance testing, and stress testing, while important, do not specifically evaluate the robustness of the application's handling of unexpected inputs in the same way that fuzzing does.