PrepAway - Latest Free Exam Questions & Answers


Ann, the software security engineer, works for a major software vendor. Which of the following
practices should be implemented to help prevent race conditions, buffer overflows, and other
similar vulnerabilities prior to each production release?


A. Product baseline report

B. Input validation

C. Patch regression testing

D. Code review

Explanation:
The vulnerabilities listed in this question are caused by defects in the application code itself.
Reviewing the code before each release will help to prevent them.
The purpose of code review is to look at all custom-written code for holes that may exist. The
review also needs to examine changes that the code—most likely in the form of a finished
application—may make: configuration files, libraries, and the like. During this examination, look for
threats such as opportunities for injection to occur (SQL, LDAP, code, and so on), cross-site
request forgery, and authentication flaws. Code review is often conducted as a part of gray box testing.
Looking at source code can often be one of the easiest ways to find weaknesses within the
application. Simply reading the code is known as manual assessment, whereas using tools to
scan the code is known as automated assessment.
