Answer :
- Disciplined coding practices and processes
Explanation :
Most of the items on the Top Ten could be attenuated with strong coding practices and by adhering to strict internal management processes (on the part of the organization involved in development). A good number of the items on the 2013 list, such as injection, cross-site scripting, insecure direct object references, security misconfiguration, missing function level access control, using components with known vulnerabilities, and unvalidated redirects and forwards, can all be addressed by basic development practices, such as bounds checking/input validation, code validation/verification protocols, and informed oversight of the project.

Strangely, option A is not correct in this case. While social engineering is perhaps the aspect of information security that is least understood (by users) and most easy to exploit, as well as the attack tactic most likely to succeed, and social engineering training could probably reduce the greatest number of overall security threats in our field today, this specific question is all about application security, and the element of social engineering is negligible.

Option C is not correct because source code testing is only one aspect of code review and would not address as many items on the Top Ten as option B.

Option D is not correct for much the same reason option A is incorrect; this question is specifically about application security, and the physical protection element is very minor.