D is the best answer. Typical source code vulnerabilities are best detected using automated analysis tools like static application security testing (SAST).
A - Multi-step process attacks are complex and span business logic and workflows, which makes them difficult for automated tools to detect.
B - Business logic flaws require an understanding of the application's intended behavior and are hard to detect automatically.
C - Valid CSRF tokens can look like false positives; automated tools may not determine legitimacy well.
In contrast, typical code flaws like SQLi, XSS, insecure functions etc. are well detected by SAST which analyzes source code for known vulnerable patterns. Automated analysis excels at finding these typical vulnerabilities that have known signatures in code.
D.
https://www.techtarget.com/searchsecurity/definition/vulnerability-assessment-vulnerability-analysis
Application scans test websites to detect known software vulnerabilities and incorrect configurations in network or web applications.
InclusiveSTEAM (4 months, 2 weeks ago)
Firedragon (1 year, 3 months ago)
jackdryan (10 months ago)
dev46 (1 year, 5 months ago)
CharlesL (1 year, 5 months ago)