nerdexam
(ISC)2

CISSP · Question #1135

Secure coding can be developed by applying which one of the following?

The correct answer is B. Applying the industry best practice coding guidelines. Secure coding practices are established through adherence to industry-recognized guidelines that define safe programming techniques and vulnerability mitigation strategies.

Submitted by omar99· Mar 5, 2026Software Development Security

Question

Secure coding can be developed by applying which one of the following?

Options

  • AApplying the organization's acceptable use guidance
  • BApplying the industry best practice coding guidelines
  • CApplying rapid application development (RAD) coding
  • DApplying the organization's web application firewall (WAF) policy

How the community answered

(25 responses)
  • B
    88% (22)
  • C
    8% (2)
  • D
    4% (1)

Why each option

Secure coding practices are established through adherence to industry-recognized guidelines that define safe programming techniques and vulnerability mitigation strategies.

AApplying the organization's acceptable use guidance

An acceptable use policy governs how end users may use organizational IT resources and does not provide technical coding standards or development security controls.

BApplying the industry best practice coding guidelinesCorrect

Industry best practice coding guidelines, such as those published by OWASP (e.g., the OWASP Secure Coding Practices Quick Reference Guide) or CERT, provide developers with specific, technically validated rules for preventing common vulnerabilities like injection flaws, buffer overflows, and authentication weaknesses. These guidelines are developed by security experts and are broadly applicable across programming languages and platforms, forming the foundation of a secure software development lifecycle (SSDLC).

CApplying rapid application development (RAD) coding

Rapid Application Development (RAD) is a software development methodology focused on speed and iterative delivery, not on embedding security controls or secure coding standards into the development process.

DApplying the organization's web application firewall (WAF) policy

A Web Application Firewall (WAF) policy is a runtime security control that filters malicious HTTP traffic at the network perimeter, but it does not guide developers on how to write secure code during the development phase.

Concept tested: Secure coding standards and industry best practices

Source: https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/

Topics

#secure coding#software development security#best practices#code review

Community Discussion

No community discussion yet for this question.

Full CISSP Practice