CISSP · Question #1135
Secure coding can be developed by applying which one of the following?
The correct answer is B. Applying the industry best practice coding guidelines. Secure coding practices are established through adherence to industry-recognized guidelines that define safe programming techniques and vulnerability mitigation strategies.
Question
Secure coding can be developed by applying which one of the following?
Options
- AApplying the organization's acceptable use guidance
- BApplying the industry best practice coding guidelines
- CApplying rapid application development (RAD) coding
- DApplying the organization's web application firewall (WAF) policy
How the community answered
(25 responses)- B88% (22)
- C8% (2)
- D4% (1)
Why each option
Secure coding practices are established through adherence to industry-recognized guidelines that define safe programming techniques and vulnerability mitigation strategies.
An acceptable use policy governs how end users may use organizational IT resources and does not provide technical coding standards or development security controls.
Industry best practice coding guidelines, such as those published by OWASP (e.g., the OWASP Secure Coding Practices Quick Reference Guide) or CERT, provide developers with specific, technically validated rules for preventing common vulnerabilities like injection flaws, buffer overflows, and authentication weaknesses. These guidelines are developed by security experts and are broadly applicable across programming languages and platforms, forming the foundation of a secure software development lifecycle (SSDLC).
Rapid Application Development (RAD) is a software development methodology focused on speed and iterative delivery, not on embedding security controls or secure coding standards into the development process.
A Web Application Firewall (WAF) policy is a runtime security control that filters malicious HTTP traffic at the network perimeter, but it does not guide developers on how to write secure code during the development phase.
Concept tested: Secure coding standards and industry best practices
Source: https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/
Topics
Community Discussion
No community discussion yet for this question.