Which practice addresses insecure communications in secure coding guidelines?

• A. Rely on obfuscation.
• B. Never encrypt communications.
• C. Properly authenticate and encrypt all sensitive communications.
• D. Use only basic authentication.

Answer: (C)

Protecting data in transit by authenticating and encrypting sensitive communications is what secure coding guidelines aim for. When information travels between client and server, it can be intercepted or altered. Encrypting the channel with a strong protocol like TLS prevents eavesdropping, tampering, and replay attacks, while authentication ensures you’re talking to the legitimate party. This combined approach addresses insecure communications by providing confidentiality, integrity, and authenticity for sensitive data in transit. Obfuscation does not protect communications and can be bypassed; not encrypting communications leaves data exposed; relying on basic authentication is insufficient because credentials can be easily captured and reused. So, properly authenticate and encrypt all sensitive communications is the correct practice.