A security firm is writing a response to an RFP from a customer that is building a new network-based software product. The firm's expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested; however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).
A. Code review
B. Penetration testing
C. Grey box testing
D. Code signing
E. White box testing