CompTIA CASP+ (CAS-004) — Question 406
A recent batch of bug bounty findings indicates a systematic issue related to directory traversal. A security engineer needs to prevent flawed code from being deployed into production. Which of the following is the best mitigation strategy for the engineer?
Answer options
- A. Setting up secure development training with a focus on filesystem access issues
- B. Implementing static code analysis testing into the CI/CD pipeline and blocking based on findings
- C. Using a software composition analysis tool to look for directory traversal issues in the application
- D. Developing a secure library for filesystem access and blocking builds that do not use the library
- E. Leveraging a dynamic application security testing tool to uncover issues related to directory traversal
Correct answer: B
Explanation
Static code analysis (SAST) examines source before anything is built or deployed, and wiring it into the CI/CD pipeline with a blocking policy turns every finding into a failed build. That matches the stated requirement exactly: flawed code never reaches production. Directory traversal is also a good fit for SAST, because it shows up as a recognisable source pattern, namely user-controlled input flowing into a filesystem path without canonicalisation and a containment check.
Why the other options fall short:
- A. Training lowers how often the bug is written but enforces nothing; it cannot block a deployment.
- C. Software composition analysis inventories third-party dependencies and their known vulnerabilities; it does not examine first-party code for traversal flaws.
- D. A secure filesystem library is sound defence in depth, but writing it and retrofitting every call site takes time, and "blocking builds that do not use the library" still needs a static check in the pipeline to enforce it.
- E. DAST exercises the running application, so it finds the bug only after the code has been built and deployed to at least a test environment; it is a later-lifecycle detection control, not a gate on deployment.
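The following is an added illustration, not CompTIA material: the traversal pattern the bounty reports describe, its hardened form, and a minimal AST-based static check of the kind a CI gate runs on each commit. The upload root `/srv/app/uploads`, the `serve()` samples, and the function names are all constructed for this example.

```python
"""Added example for CAS-004 Q406 (not CompTIA material): the vulnerable
join, the hardened join, and a toy SAST rule wired to a build gate."""
import ast
import os

# Constructed sample: an upload root the hardened code must not escape.
# Assumed path; it does not need to exist on disk.
UPLOAD_ROOT = "/srv/app/uploads"


def vulnerable_path(name: str) -> str:
    """Vulnerable: caller-controlled name joined under the root with no
    containment check.  normpath collapses '..' but never asks where the
    result ended up, so '../../etc/passwd' walks out of UPLOAD_ROOT."""
    return os.path.normpath(os.path.join(UPLOAD_ROOT, name))


def safe_path(name: str) -> str:
    """Hardened: canonicalise (realpath also collapses symlinks, which a
    plain '..' filter misses), then require the result to stay under root."""
    root = os.path.realpath(UPLOAD_ROOT)
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path traversal rejected: {name!r}")
    return candidate


def _is_os_path_join(node: ast.AST) -> bool:
    """True when the node is literally a call to os.path.join(...)."""
    return (
        isinstance(node, ast.Call)
        and isinstance(node.func, ast.Attribute)
        and node.func.attr == "join"
        and isinstance(node.func.value, ast.Attribute)
        and node.func.value.attr == "path"
        and isinstance(node.func.value.value, ast.Name)
        and node.func.value.value.id == "os"
    )


def find_unsafe_opens(source: str) -> list:
    """Toy SAST rule: line numbers where open() receives os.path.join()
    directly, i.e. with no canonicalisation step in between.  Real tools
    track taint through variables; this matches only the direct pattern,
    which is enough to show how a finding becomes a blocked build."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Name)
                and node.func.id == "open"
                and node.args
                and _is_os_path_join(node.args[0])):
            hits.append(node.lineno)
    return hits


def ci_gate(source: str) -> bool:
    """Pipeline step: True lets the build proceed, False blocks the merge."""
    return not find_unsafe_opens(source)


# Constructed samples standing in for files the pipeline would scan.
FLAWED = """\
import os
def serve(root, name):
    return open(os.path.join(root, name), "rb").read()
"""

FIXED = """\
import os
def serve(root, name):
    base = os.path.realpath(root)
    path = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("traversal")
    return open(path, "rb").read()
"""

if __name__ == "__main__":
    print("vulnerable:", vulnerable_path("../../etc/passwd"))
    print("flawed findings:", find_unsafe_opens(FLAWED), "gate:", ci_gate(FLAWED))
    print("fixed findings:", find_unsafe_opens(FIXED), "gate:", ci_gate(FIXED))
```

In a real pipeline the rule would come from a SAST tool rather than a hand-written visitor, and the gate would be the tool's non-zero exit status failing the job; the structure is the same: scan source on every commit, treat a traversal finding as a build failure, and the flawed code cannot be promoted.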