Certified Information Security Manager (CISM) — Question 935
Which of the following information security practices would BEST prevent a SQL injection attack?
Answer options
- A. Adopting agile development
- B. Enhancing the patching program
- C. Training developers on secure coding practices to reduce vulnerabilities
- D. Performing vulnerability testing before each version release
Correct answer: C
Explanation
The correct answer is C because training developers on secure coding practices directly addresses the prevention of SQL injection vulnerabilities by ensuring that they understand how to write safe code. Options A and B, while important for overall security, do not specifically target SQL injection prevention. Option D, although valuable, is reactive rather than proactive and does not replace the need for secure coding knowledge.