Certified Information Systems Security Professional (CISSP) — Question 444
Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?
Answer options
- A. Scheduled team review of coding style and techniques for vulnerability patterns
- B. The regular use of production code routines from similar applications already in use
- C. Using automated programs to test for the latest known vulnerability patterns
- D. Ensure code editing tools are updated against known vulnerability patterns
Correct answer: C
Explanation
The correct answer is C because automated programs can efficiently test code against the latest vulnerability patterns and identify issues that manual reviews might miss. Option A, while useful, may not be as thorough as automated testing. Option B does not ensure coverage of new vulnerabilities specific to the current codebase. Option D, while important for maintenance, does not actively test the code for vulnerabilities.