ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During sprint planning for a new customer-facing web application, the security architect wants to reference an industry standard that lists detailed, testable security requirements for areas such as authentication, session management, input validation, and cryptographic storage. Which standard should the team adopt to embed these requirements directly into user stories and acceptance criteria?
OWASP Application Security Verification Standard (ASVS)
NIST Special Publication 800-53 control catalog
ISO/IEC 27001 Information Security Management System
The OWASP Application Security Verification Standard (ASVS) is specifically designed to provide developers, testers, and architects with a comprehensive, language-agnostic set of detailed and testable security controls for software, particularly web applications. ASVS organizes requirements by areas such as authentication, session management, access control, input validation, and cryptography, making it well suited for inclusion in Agile user stories and acceptance criteria.
NIST SP 800-53 and the CIS Critical Security Controls address broader organizational or system-level security controls rather than granular software-specific requirements. ISO/IEC 27001 defines an information security management system framework but does not supply the detailed application security requirements needed for day-to-day development tasks. Therefore, OWASP ASVS is the most appropriate choice for embedding concrete security requirements into the Agile development process.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is OWASP ASVS?
Open an interactive chat with Bash
How does OWASP ASVS compare to NIST SP 800-53?
Open an interactive chat with Bash
Why isn’t ISO/IEC 27001 suited for embedding security into software development?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Lifecycle Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .