CompTIA CASP+ (CAS-004) — Question 388

An application security engineer is performing a vulnerability assessment against a new web application that uses SAML. The engineer wants to identify potential authentication issues within the application. Which of the following methods would be most appropriate for the engineer to perform?

Answer options

• A. Fuzz testing
• B. Static analysis
• C. Side-channel analysis
• D. Dynamic analysis

Correct answer: D

Explanation

Dynamic analysis is the most suitable method as it involves testing the application in a runtime environment, allowing the engineer to evaluate its behavior and identify authentication issues as they occur. Fuzz testing, static analysis, and side-channel analysis are less effective in this context because they do not provide real-time insights into the application's authentication processes.