A new mobile application is being developed in-house. Security reviews did not pick up any major flaws,
however vulnerability scanning results show fundamental issues at the very end of the project cycle. Which of
the following security activities should also have been performed to discover vulnerabilities earlier in the
lifecycle?
A.
Architecture review
B.
Risk assessment
C.
Protocol analysis
D.
Code review