IT Examiner School eBook May 2025
Internal Use Only
Group Activity: What’s in a Change?
Which of the following would be included in a Major, Routine, or Emergency Change?
1. Approval of upper management
2. Testing of the update prior to implementation
3. Backout procedures
4. Update procedures and user training
5. Implementation of the update
6. Documentation of problems and issues
A. Major Changes   B. Routine Changes   C. Emergency Changes
Development & Acquisition: Secure Code & Programming Controls

Secure Coding Standards
Coding practices are consistent and documented to prevent vulnerabilities such as SQL injection, cross-site scripting, and buffer overflows. Follow secure coding guidelines (e.g., OWASP Top 10).

Input Validation & Error Handling
All user input must be validated at both the client and server side. Implement proper error handling to avoid revealing sensitive system details in messages or logs.

Code Review & Peer Validation
Regular peer reviews or automated static code analysis should be conducted to detect and address security flaws.

Least Privilege & Access Control
Code should enforce the principle of least privilege, granting only the access necessary for a given role or function. Ensure proper session management and secure authentication routines are implemented.

Testing for Security
Conduct security-focused unit, integration, and regression testing. Include vulnerability scanning and penetration testing of the application or system prior to deployment.

Version Control & 3rd-Party Libraries
All code changes should be tracked using a version control system. Vet all third-party or open-source components for known vulnerabilities.
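The following is an added example, not code from the eBook, showing three of the controls on this slide in working form: server-side input validation against an allow-list pattern, a parameterized query in place of SQL built from user input, and error handling that keeps details in the internal log while returning only a generic message to the caller. It uses only the Python standard library and an in-memory SQLite table; the account IDs, owners, balances, and the "ACC-nnnn" ID format are constructed for the demo.

```python
"""Added example (not from the eBook): input validation, parameterized queries,
and non-leaking error handling, using only the standard library."""
import logging
import re
import sqlite3
import uuid

# Constructed sample data; the IDs, owners, and balances are fictitious.
SAMPLE_ACCOUNTS = [
    ("ACC-1001", "alice", 2500.00),
    ("ACC-1002", "bob", 130.50),
    ("ACC-1003", "carol", 98000.00),
]

# Assumed account ID format for this demo: "ACC-" followed by exactly four digits.
ACCOUNT_ID_PATTERN = re.compile(r"^ACC-\d{4}$")

log = logging.getLogger("accounts")


def build_db() -> sqlite3.Connection:
    """Create an in-memory table populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, owner TEXT, balance REAL)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    return conn


def lookup_unsafe(conn: sqlite3.Connection, account_id: str) -> list:
    """The 'before' form: user input spliced directly into SQL text.
    Input containing quote characters can change the meaning of the WHERE clause,
    which is the SQL injection weakness the slide warns about."""
    sql = f"SELECT id, owner, balance FROM accounts WHERE id = '{account_id}'"
    return conn.execute(sql).fetchall()


def validate_account_id(account_id: str) -> str:
    """Server-side allow-list validation: reject anything outside the expected shape."""
    if not isinstance(account_id, str) or not ACCOUNT_ID_PATTERN.fullmatch(account_id):
        raise ValueError("account id does not match expected format")
    return account_id


def lookup_safe(conn: sqlite3.Connection, account_id: str) -> list:
    """Hardened form: validated input bound as a query parameter, never as SQL text."""
    validate_account_id(account_id)
    return conn.execute(
        "SELECT id, owner, balance FROM accounts WHERE id = ?", (account_id,)
    ).fetchall()


def handle_request(conn: sqlite3.Connection, account_id: str) -> dict:
    """Error handling that logs the specifics internally with a correlation id and
    returns only a generic message plus that id to the caller, so neither the
    rejected input nor database internals appear in the response."""
    try:
        return {"status": "ok", "rows": lookup_safe(conn, account_id)}
    except ValueError as exc:
        ref = uuid.uuid4().hex[:8]
        log.warning("ref=%s rejected input %r: %s", ref, account_id, exc)
        return {"status": "error", "message": "Invalid request", "ref": ref}
    except sqlite3.Error as exc:
        ref = uuid.uuid4().hex[:8]
        log.error("ref=%s database error: %s", ref, exc)
        return {"status": "error", "message": "Internal error", "ref": ref}


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    db = build_db()
    print("safe lookup:", handle_request(db, "ACC-1002"))
    print("rejected input:", handle_request(db, "' OR '1'='1"))
```

The unsafe function is kept only to show, in the test, how a quoted input widens the result set; in production code the parameterized form is the one to use, and the validation step is what an examiner would look for as evidence that server-side input validation is actually enforced rather than relying on the client.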