A new mobile application is being developed in-house. Security reviews did not pick up any major
flaws, however vulnerability scanning results show fundamental issues at the very end of the
project cycle. Which of the following security activities should also have been performed to
discover vulnerabilities earlier in the lifecycle?

A.
Architecture review

B.
Risk assessment

C.
Protocol analysis

D.
Code review