CompTIA Security+ (SY0-601) — Question 197

Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications?

Answer options

• A. OWASP
• B. Vulnerability scan results
• C. NIST CSF
• D. Third-party libraries

Correct answer: A

Explanation

OWASP is widely recognized for providing comprehensive guidelines and resources focused on secure coding practices, making it the best choice. Vulnerability scan results may indicate existing issues but do not provide proactive guidance on secure coding. NIST CSF is more about overall cybersecurity frameworks rather than specific coding practices, and third-party libraries can introduce vulnerabilities rather than enhance secure coding.