Exam CAS-004 topic 1 question 632 discussion

Source 2. A. Implement static analysis with blocking capabilities in the CI/CD system. Static analysis can automatically scan code for potential XSS vulnerabilities before deployment. Integrating this into the CI/CD pipeline allows for early detection and prevention of vulnerabilities. Blocking capabilities prevent the deployment of code containing identified XSS vulnerabilities. Source 3. Static Application Security Testing (SAST) integrated into the CI/CD pipeline can automatically detect XSS vulnerabilities in the codebase before deployment. Blocking capabilities ensure that vulnerable code cannot proceed to production unless fixed, enforcing security early in development. This is a scalable, automated approach that prevents XSS at the source rather than relying on manual reviews or post-deployment fixes.

Source 1. Cross-site scripting (XSS) vulnerabilities typically result from improper input validation and encoding in web applications. To prevent XSS issues systematically, an effective strategy is to integrate static application security testing (SAST) tools with blocking capabilities into the CI/CD pipeline. REASONS: SAST tools scan source code before deployment, identifying potential XSS vulnerabilities at an early stage. When integrated into CI/CD, these tools prevent insecure code from being deployed. Blocking capabilities enforce security policies, ensuring developers fix issues before merging code.

I think option A would be more efective in this scenario.

o This option is the most effective because it addresses the root cause by educating developers on secure coding practices. Training developers on OWASP principles ensures they understand how to prevent XSS vulnerabilities through proper input validation, output encoding, and other security measures.