2/22/26, 8:18 AM D487 STUDY GUIDE FULLY EXAM Questions & Answers, Well Elaborated | Already Verified Test |100% Verified solutions | \2026 L…
D487 STUDY GUIDE FULLY EXAM Questions & Answers, Well Elaborated | Already Verified Test | 100% Verified solutions | \2026 Latest!!
Terms in this set (89)
Building Security In Maturity Model (BSIMM): A study of real-world software security initiatives organized so that you can determine where you stand with your software security initiative and how to evolve your efforts over time
SAMM: Offers a roadmap and a well-defined maturity model for secure software development and deployment, along with useful tools for self-assessment and planning.
Core OpenSAMM activities: Governance, Construction, Verification, Deployment
Static analysis: Source code of an application is reviewed manually or with automatic tools without running the code
Dynamic analysis: Analysis and testing of a program occurs while it is being executed or run
https://quizlet.com/1146794499/d487-study-guide-fully-exam-questions-answers-well-elaborated-already-verified-test-100-verified-solutions-2026-late… 1/12
Fuzzing: Injection of randomized data into a software program in an attempt to find system failures, memory leaks, error handling issues, and improper input validation
OWASP ZAP: Open-source web application security scanner; can be used as a proxy to manipulate traffic running through it (even HTTPS)
ISO/IEC 27001: Specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system
ISO/IEC 17799: ISO/IEC is a joint committee that develops and maintains standards in the IT industry. 17799 is an international code of practice for information security management. This section defines confidentiality, integrity and availability controls.
ISO/IEC 27034: A standard that provides guidance to help organizations embed security within their processes that help secure applications running in the environment, including application lifecycle processes
Software security champion: A developer with an interest in security who helps amplify the security message at the team level
Waterfall methodology: A sequential, activity-based process in which each phase in the SDLC is performed sequentially from planning through implementation and maintenance