Security in SDLC

Guest user Created:   Feb 07, 2017 Last commented:   Feb 07, 2017

Are any ISO policies directly related to the SDLC (requirements, plan, design, code, test, release)? We want security testing built into the SDLC. Is it the A.14 Secure Development Policy?


Expert
Rhand Leal Feb 07, 2017

Answer: The whole section A.14 from ISO 27001 Annex A can provide you support for security testing to be included in your SDLC:
- From control A.14.2.1 (Secure development policy) you can get support to establish high-level rules for security testing (e.g., the need to perform security testing).
- From control A.14.1.1 (Information security requirements analysis and specification) you can get support to establish security requirements for your systems (e.g., the system should fail securely in case of error).
- From control A.14.2.8 (System security testing) you can get support to establish how to perform security testing (e.g., white/black box testing).

And finally, from control A.14.3.1 (Protection of test data) you can establish directives to protect test data, so the test conditions can emulate the real environment as well as possible without putting the real data at risk.

These articles will provide you further explanation about Security in SDLC:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/

These materials will also help you regarding Security in SDLC:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
