CompTIA CASP+ (CAS-004) — Question 517

The findings from a recent penetration test report indicate a systematic issue related to cross-site scripting. A security engineer would like to prevent this type of issue for future reports. Which of the following mitigation strategies should the engineer use to best resolve the issue?

Answer options

• A. Implement static analysis with blocking capabilities in the CI/CD system.
• B. Request resources to develop a secure library to address encoding issues.
• C. Leverage an API management system to filter information.
• D. Configure a DAST tool for all applications.
• E. Require all developers to take secure coding training that focuses on OWASP principles.

Correct answer: A

Explanation

Implementing static analysis with blocking capabilities in the CI/CD system effectively catches cross-site scripting vulnerabilities during the development process, preventing them from being deployed. The other options, while valuable, either do not directly address the prevention of these vulnerabilities in real-time or focus on broader training and resource allocation without immediate implementation.