CompTIA CySA+ (CS0-003) — Question 78
A software developer has been deploying web applications with common security risks, including insufficient logging capabilities. Which of the following actions would be most effective to reduce risks associated with the application development?
Answer options
- A. Perform static analyses using an integrated development environment
- B. Deploy compensating controls into the environment
- C. Implement server-side logging and automatic updates
- D. Conduct regular code reviews using OWASP best practices
Correct answer: D
Explanation
Option D is correct because regular code reviews using OWASP best practices help identify and rectify security vulnerabilities early in the development process. Options A, B, and C are helpful but do not specifically address the core issues related to security vulnerabilities in the code itself as effectively as regular reviews do.