The correct answer is moving security testing earlier in the development process. The "shift-left" approach refers to moving security activities earlier (to the "left") in the software development lifecycle, rather than treating security as an afterthought. This approach integrates security throughout development, making it possible to identify and address vulnerabilities when they're less expensive to fix.

Implementing SHA-256 hashing algorithms in place of MD5 is a specific security improvement related to cryptographic algorithm selection, but it doesn't represent the "shift-left" concept. This answer describes a technical control change rather than a development process philosophy.

Performing multiple secure overwrite passes on development servers relates to media sanitization procedures, which is a specific security control for protecting data on redeployed systems. This is unrelated to the "shift-left" concept of integrating security throughout the development lifecycle.

Conducting both static and dynamic security testing during pre-deployment is actually the opposite of "shift-left" because it positions security testing at the end of the development cycle (right before deployment) rather than incorporating it throughout the entire process from the beginning.
ISC2 CISSP
Software Development Security