CompTIA CASP+ (CAS-004) — Question 378
A Chief Information Security Officer is concerned about the state of code security in the company's web applications. It is important to get the review right the first time, and the company is willing to adopt a tool that lets developers validate code as it is written. Which of the following methods should the company use?
Answer options
- A. SAST
- B. DAST
- C. Fuzz testing
- D. Intercepting proxy
Correct answer: A
Explanation
The correct answer is A, SAST (Static Application Security Testing). SAST analyzes source code (or bytecode) without executing it, so it can run inside the IDE, as a pre-commit hook, or in the CI pipeline and point the developer to the offending line while the code is still being written, which is exactly what the scenario asks for. B (DAST) exercises a running, deployed application from the outside and reports observed behaviour rather than a line of code, so it cannot give feedback at authoring time. C (Fuzz testing) feeds malformed or random input to a running program to find crashes and input-handling flaws; like DAST, it requires an executable build. D (Intercepting proxy) sits between the client and the application to inspect and modify traffic during manual testing; it is a traffic-analysis aid, not a code-validation method.
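To make the distinction concrete, the following is an added example (not part of the original question or exam material) of the kind of check a SAST tool performs: it parses a constructed Python snippet into a syntax tree and flags dangerous calls by inspecting the tree, never executing the code. Rule names, messages, and the sample source are all assumptions made for illustration.

```python
"""Minimal SAST-style checker: flags dangerous calls by walking the syntax
tree of Python source without running it.  Constructed example."""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    message: str


# Fully qualified call names a reviewer would want flagged at write time.
# Assumed rule set for illustration; a real tool ships hundreds of rules.
DANGEROUS_CALLS = {
    "eval": "eval() executes arbitrary expressions; parse the input instead",
    "exec": "exec() executes arbitrary code",
    "os.system": "os.system() hands the string to a shell; use subprocess with an argument list",
    "pickle.loads": "unpickling untrusted data allows arbitrary code execution",
}
SUBPROCESS_FUNCS = {
    "subprocess.run", "subprocess.call", "subprocess.Popen", "subprocess.check_output",
}


def _qualname(node: ast.AST) -> str:
    """Rebuild a dotted name such as 'subprocess.run' from Name/Attribute nodes."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""  # call target is a computed expression; not resolvable statically


class _Visitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _qualname(node.func)
        if name in DANGEROUS_CALLS:
            self.findings.append(
                Finding(node.lineno, "dangerous-call", f"{name}: {DANGEROUS_CALLS[name]}"))
        elif name in SUBPROCESS_FUNCS:
            # Only a literal shell=True is visible to static analysis; a value
            # computed at runtime would need DAST or fuzzing to observe.
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append(
                        Finding(node.lineno, "subprocess-shell",
                                f"{name}(shell=True) enables shell injection"))
        self.generic_visit(node)


def scan_source(source: str) -> list[Finding]:
    """Parse `source` and return findings ordered by line; the code never runs."""
    visitor = _Visitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample of code a developer might have just typed.
SAMPLE = '''\
import os, subprocess

def run_report(user_filter):
    cmd = "report --filter " + user_filter
    os.system(cmd)
    subprocess.run(cmd, shell=True)
    subprocess.run(["report", "--filter", user_filter])
    return eval(user_filter)
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: [{f.rule}] {f.message}")
```

The checker reports lines 5, 6 and 8 of the sample and stays silent on the list-form `subprocess.run` on line 7, which is the immediate, line-level feedback the question is asking for. The caveat is built into the `shell=` rule: static analysis sees only what is written, so a dangerous value that is computed at runtime is invisible to it, which is why SAST complements rather than replaces DAST and fuzzing.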