The answer D is correct. Page 747 OSG 9th edition. SAST is used during development throughout a project. DAST is typically used if there is no source code or when it's off-the-shelf software.
D. Static application security testing (SAST).
Static Application Security Testing (SAST) is a security testing method that analyzes source code, bytecode, or binary code for vulnerabilities without executing the program. It is performed early in the SDLC, typically during the coding and development phase. SAST tools examine the codebase for known security issues, coding errors, and vulnerabilities.
SAST helps developers identify and remediate security issues before the application is deployed, making it an effective approach for ensuring secure development throughout the project. It allows developers to address security concerns at the code level, reducing the likelihood of security vulnerabilities making their way into the final product.
D: "SAST takes place very early in the software development life cycle (SDLC) as it does not require a working application and can take place without code being executed. It helps developers identify vulnerabilities in the initial stages of development and quickly resolve issues without breaking builds or passing on vulnerabilities to the final release of the application."
https://www.synopsys.com/glossary/what-is-sast.html
I'm selecting B. Waterfall for this question.
Waterfall is a methodology or model to develop a project.
I do see that it is asking for a security technique and I have no idea how DAST and SAST ensure secure development throughout a project. I just know DAST is runtime and SAST is when it is not running. SOAP, I think, deals more with Internet stuff. Please someone inform me if my logic makes sense or not.
Go with option D. SAST is a type of security testing that analyzes source code to find security vulnerabilities that make applications susceptible to attack. By analyzing code early in the SDLC, SAST tools can identify vulnerabilities early in the development process, which can reduce the cost of fixing security issues later in the SDLC. This technique can help ensure that security is built into the application from the beginning, rather than being bolted on at the end.
SAST is during the development phase; DAST is after the deployment or while the app is running.