ISO 27001 8.28 Secure Coding Requirement:

"Secure coding principles shall be applied to software development."[1]

ISO 27001 8.28 Secure Coding Requirement Explanation:

The ISO 27002 guidance document recommends using the planning stage to set standards and expectations for secure coding for both internal and outsourced development. Establishing developer proficiency in secure coding through training and education should be a focal point for organizations. During coding, ISO 27002 suggests using secure language-specific practices and structured programming techniques for easier comprehension and debugging. The code should be appropriately documented to facilitate collaborative methods such as pair programming and peer reviews, which help detect and remove code defects and avoid insecure programming practices such as hard-coded passwords, lack of input validation, and so on. This combined approach bolsters security and improves code quality. After deploying the code, ensure that the live environment is checked consistently for vulnerabilities: scan with a DAST/SAST tool as needed, enable and regularly review active logging of errors and security events, and perform penetration tests.
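As an added illustration (not part of ISO 27001/27002 or any particular tool), the following Python script shows one of the insecure practices named above, hard-coded passwords, both as a minimal SAST-style check that flags credential literals during peer review and as the accepted alternative of reading the secret from the deployment environment. The function and variable names and the sample source text are constructed for this example.

```python
import os
import re
from dataclasses import dataclass
from typing import Mapping, Optional

# Assumed names for this illustration; they do not come from ISO 27002
# or from any real scanner.


@dataclass
class Finding:
    line_no: int
    text: str
    reason: str


# A string literal (4+ chars) assigned to a credential-looking name.
# Deliberately narrow: it will miss encoded or concatenated secrets,
# so treat it as a cheap pre-review check, not a replacement for a SAST tool.
_HARDCODED = re.compile(
    r"""(?i)(password|passwd|pwd|secret|api_key|token)\w*\s*[:=]\s*["'][^"']{4,}["']"""
)


def scan_source(source: str) -> list[Finding]:
    """Return one Finding per source line that assigns a credential literal."""
    findings = []
    for n, line in enumerate(source.splitlines(), start=1):
        if _HARDCODED.search(line):
            findings.append(Finding(n, line.strip(), "hard-coded credential literal"))
    return findings


def load_secret(name: str, env: Optional[Mapping[str, str]] = None) -> str:
    """Hardened pattern: the secret comes from the environment, never from source."""
    env = os.environ if env is None else env
    value = env.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set; refusing to start with no credential")
    return value


# Constructed sample: lines 2 and 3 should be flagged, lines 1 and 4 should pass.
SAMPLE_SOURCE = '''\
db_user = "app"
db_password = "example-prod-pass"
API_TOKEN: "example-token-value"
session_key = os.environ["SESSION_KEY"]
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.reason}: {f.text}")
```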

References:

