In the Module 6 homework, you described and compared different kinds of software test and analysis tools. In this homework, you will evaluate the effectiveness of the same tools and methods.
· Static Code Analysis
· Dynamic Code Analysis
· Peer Review
· Quality Assurance Testing
· Penetration Testing
· Fuzzing
The following table briefly shows the phases of an SDLC. Note that the phases correspond to the 4 business functions of the SAMM (https://owaspsamm.org/release-notes-v2/).
| Design | Development | Testing | Operation |
|---|---|---|---|
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
Question 1
Place each software analysis technique in the corresponding cell(s).
Question 2
Which control is most proactive? Why?
Question 3
Select three analysis techniques from the list. How do you measure and improve the effectiveness of the analysis techniques you selected? Describe.