Mark is responsible for secure programming at his company. He wants to implement steps to validate the security of software design. At what phase in the SDLC should he implement design validation for security?

A.
After the design phase

B.
This is not a part of SDLC

C.
During the testing phase

D.
At every phase

Explanation:
Every phase of the SDLC could potentially change the design, even slightly. Therefore the security of the design must be validated.

Answer option A is incorrect. Yes you would validate the design after the design phase, but this is not the only time you would validate it.

Answer option C is incorrect. Validation would occur during testing, but also during other phases.

Answer option B is incorrect. Design validation should be a part of every phase of the SDLC.