While reviewing a recent compromise, a forensics team discovers that there are hard-coded credentials in the database connection strings. Which of the following assessment types should be performed during software development to prevent this from reoccurring?

A vulnerability scan is a process that scans a system or application for known vulnerabilities, but it typically focuses on deployed systems rather than the underlying code. While it can help identify risks in production environments, it is not designed to catch issues like hard-coded credentials at the code level during development.

A penetration test simulates an attack on a system to identify security weaknesses. This method is more effective for evaluating the security of a deployed application rather than the code itself. It may uncover hard-coded credentials during testing, but it does not proactively prevent the issue in the coding phase.

Quality assurance (QA) focuses on ensuring that the software meets specified requirements and is free from defects. While QA is essential for software reliability and performance, it does not specifically target security issues like hard-coded credentials unless it incorporates security testing practices, which is not its primary function.