Valid CAS-004 Dumps shared by ExamDiscuss.com for Helping Passing CAS-004 Exam! ExamDiscuss.com now offer the newest CAS-004 exam dumps, the ExamDiscuss.com CAS-004 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-004 dumps with Test Engine here:
During a software assurance assessment, an engineer notices the source code contains multiple instances of strcpy. which does not verify the buffer length. Which of the following solutions should be integrated into the SDLC process to reduce future risks?
Correct Answer: C
The source code in this scenario uses insecure functions like strcpy which are known for not checking buffer sizes, leading to buffer overflow vulnerabilities. The most effective solution is to update the company's secure coding policy to prohibit the use of insecure functions and replace them with safer alternatives, such as strncpy, which enforces buffer length checks. Integrating this change into the Software Development Life Cycle (SDLC) ensures that future code adheres to secure practices, thereby reducing the risk of vulnerabilities being introduced into production systems. This approach aligns with CASP+ guidelines that emphasize secure coding practices and policies to prevent common security flaws in software development. Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0 - Enterprise Security Operations (Secure Coding Standards) CompTIA CASP+ Study Guide: Secure Coding and Prevention of Buffer Overflows