While reviewing a recent compromise, a forensics team discovers hard-coded credentials in the database connection strings. Which of the following assessment types should be performed during software development to prevent this from recurring?
Static analysis helps identify hard-coded credentials and other insecure coding practices during software development.
Static analysis is the process of examining source code without executing the application. Security-focused static analysis tools can detect vulnerabilities such as hard-coded usernames, passwords, API keys, insecure functions, and improper coding practices early in the development lifecycle. Detecting these issues before deployment helps prevent security compromises.
A vulnerability scan examines running systems, applications, or network devices for known vulnerabilities and misconfigurations. While useful for identifying security weaknesses in deployed environments, it is less effective at detecting insecure coding practices embedded directly in source code during development.
A penetration test simulates real-world attacks against an application or system to identify exploitable weaknesses. Although a penetration test might eventually uncover exposed credentials, it occurs later in the security assessment process and is not specifically designed to detect hard-coded secrets in source code.
Correct Answer: Static analysis reviews application source code without executing it. This method is highly effective for identifying hard-coded credentials, insecure code patterns, and other development-related security flaws before the software is released into production.
Quality assurance (QA) focuses primarily on verifying that software functions correctly and meets business requirements. While QA testing may identify some issues, it is not specifically intended to detect security vulnerabilities such as hard-coded credentials.
Static analysis is the best assessment type for preventing hard-coded credentials from being introduced into applications. By analyzing source code during development, organizations can identify and remediate security weaknesses early, reducing the risk of future compromises.
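As an added illustration (not part of the original question or of any vendor's tool), here is a minimal static check in Python that inspects source text without executing it and flags literal credentials embedded in connection strings. The regex rules, the `Finding` type and the sample source module are constructed for this example.

```python
import re
from dataclasses import dataclass

# Two shapes of embedded credential the explanation describes: a URL-style
# connection string "scheme://user:password@host" and an ADO-style
# "Password=..." / "Pwd=..." key/value pair. Values may be quoted.
URL_CREDS = re.compile(r"\w+://[^/\s:@]+:([^@\s]+)@")
KV_CREDS = re.compile(r"(?i)\b(password|pwd)\s*=\s*[\"']?([^;\"'\s]+)")
# A value that is an environment or template reference is not a literal
# secret; anything else that matches is reported.
SAFE_REFERENCE = re.compile(r"^(\$\{|\{|%|\$)|os\.environ|getenv")


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    snippet: str


def scan_source(path: str, text: str) -> list[Finding]:
    """Flag source lines that embed a literal credential (pattern check only:
    a secret assigned elsewhere and interpolated later is not followed)."""
    findings = []
    rules = (("url-credential", URL_CREDS, 1), ("kv-credential", KV_CREDS, 2))
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("#", "//")):
            continue  # skip comment-only lines
        for rule, pattern, group in rules:
            for match in pattern.finditer(line):
                if SAFE_REFERENCE.search(match.group(group)):
                    continue
                findings.append(Finding(path, lineno, rule, stripped))
    return findings


# Constructed sample settings module; not taken from any real project.
SAMPLE_SOURCE = """\
DB_URL = "postgresql://app_user:Sup3rS3cret!@db.internal:5432/orders"
SAFE_URL = f"postgresql://app_user:{os.environ['DB_PASS']}@db.internal:5432/orders"
CONN = "Server=sql01;Database=orders;User Id=sa;Password=Winter2024;"
SAFE_CONN = "Server=sql01;Database=orders;User Id=sa;Password=${DB_PASSWORD};"
"""

if __name__ == "__main__":
    for f in scan_source("settings.py", SAMPLE_SOURCE):
        print(f"{f.path}:{f.line} [{f.rule}] {f.snippet}")
```

Run against the sample, the two literal secrets are reported and the two lines that defer to the environment are not; wiring such a check into a pre-commit hook or CI job is what moves the detection to development time.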