An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company
and wants to integrate security activities into the SDLC.
Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).
A.
Static and dynamic analysis is run as part of integration
B.
Security standards and training is performed as part of the project
C.
Daily stand-up meetings are held to ensure security requirements are understood
D.
For each major iteration penetration testing is performed
E.
Security requirements are story boarded and make it into the build
F.
A security design is performed at the end of the requirements phase