CompTIA CASP+ (CAS-004) — Question 275

A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company’s objectives?

Answer options

Correct answer: B

Explanation

SAST (Static Application Security Testing) analyzes source code for vulnerabilities early in the development process, so issues can be identified and remediated more quickly, before deployment. In contrast, RASP focuses on runtime protection, WAF is designed for web application security during operation, and CMS pertains to content management systems. None of these addresses vulnerabilities as effectively during the development phase.