Exam CAS-004 topic 1 question 519 discussion

 DAST can simulate SQL injection and reflected XSS attacks by dynamically testing the application in its running state  SAST can analyze the source code to ensure the application is not susceptible to memory leaks by identifying potential vulnerabilities in the code before it is executed

D. DAST (Dynamic Application Security Testing) DAST is a security testing technique that scans a running application to identify vulnerabilities, including SQL injection and XSS attacks. It tests the application in its deployed state, which aligns with the requirement to initiate SQL injection and reflected XSS attacks. E. Fuzz testing Fuzz testing involves sending random or malformed data to an application to identify unexpected behaviors, such as memory leaks, crashes, and security vulnerabilities. This would help identify issues like memory leaks in the application.

Ans. DE. D. DAST (Dynamic Application Security Testing) E. Fuzz testing. DAST can simulate attacks such as SQL injection and XSS in a running application, while fuzz testing can help identify vulnerabilities including memory leaks by inputting random data into the application to observe behavior.

DAST (Dynamic Application Security Testing): DAST is a type of black-box testing that involves testing an application in its running state. It can initiate SQL injection and reflected XSS attacks by simulating these attacks against the live application to identify vulnerabilities. This meets the first requirement of initiating SQL injection and reflected XSS attacks. SAST (Static Application Security Testing): SAST is a type of white-box testing that involves analyzing the source code of an application. It can detect vulnerabilities related to memory management, such as memory leaks, by examining the code for issues that could lead to such problems. This meets the second requirement of ensuring the application is not susceptible to memory leaks.