TechCorp aims to identify security vulnerabilities in its applications during development, before the applications are moved to cloud infrastructure. Which security tool should TechCorp implement to achieve this goal?
Practise this SecurityX Test Prep question free, then download the PDF, watch the video walkthrough, or unlock timed mock exams for the full web bank.
✓ Correct answer: B. SASTAnswer: SAST Static application security testing (SAST) tools analyze source code for potential security vulnerabilities such as buffer overflows and injection flaws early in the development lifecycle. This allows developers to rectify issues before deploying the application to the cloud. Dynamic application security testing (DAST) tools evaluate applications in runtime and do not analyze source code. A port scanner reviews network endpoints to identify open ports and running services. Vulnerability scanners are generally used to detect known vulnerabilities in deployed systems and applications.
Keep practising. Use the free SecurityX Test Prep PDF, watch the YouTube walkthrough, or unlock all 10 web questions with timed mock exams.