CompTIA CASP+ (CAS-004) — Question 423
During a software assurance assessment, an engineer notices the source code contains multiple instances of strcpy, which does not verify the buffer length. Which of the following solutions should be integrated into the SDLC process to reduce future risks?
Answer options
- A. Require custom IDS/IPS detection signatures for each type of insecure function found.
- B. Perform a penetration test before moving to the next step of the SDLC.
- C. Update the company's secure coding policy to exclude insecure functions.
- D. Perform DAST/SAST scanning before handoff to another team.
Correct answer: D
Explanation
The correct answer is D because SAST scanning of the source code (complemented by DAST against the running build) flags insecure calls such as strcpy before the code is handed off, so vulnerabilities are identified early in the development process and can be remediated in time. The other options either do not integrate security practices into the SDLC itself or are less effective at preventing future occurrences of insecure functions: IDS/IPS signatures (A) detect attacks at runtime rather than fixing the code, a penetration test (B) is a late-stage, point-in-time activity, and a policy update (C) prohibits insecure functions on paper but does not by itself verify that the code complies.